Home > Article > Operation and Maintenance > How to lock the user after entering the password incorrectly three times under centos7
The specific method is as follows:
1. Restrict users from remote login
Add content below #%PAM-1.0, that is, the second line , must be written in the front. If it is written in the back, although the user is locked, he can still log in as long as he enters the correct password!
# vim /etc/pam.d/sshd #%PAM-1.0 auth required pam_tally2.so deny=3 unlock_time=300 even_deny_root root_unlock_time=10
Parameter explanation:
even_deny_root also restricts the root user;
deny sets the maximum number of consecutive incorrect logins for ordinary users and root users. If the maximum number is exceeded, the user will be locked. ;
unlock_time sets the time after which the ordinary user is unlocked, the unit is seconds;
root_unlock_time sets the time after which the root user is unlocked, the unit is seconds;
The pam_tally2 module is used here. If pam_tally2 is not supported, you can use the pam_tally module. In addition, different pam versions may have different settings. For specific usage methods, please refer to the usage rules of the relevant modules.
(Recommended tutorial: centos tutorial)
2. Restrict users to log in from tty
Under #%PAM-1.0, That is, the second line, the added content, must be written in front. If it is written in the back, although the user is locked, as long as the user enters the correct password, he can still log in!
# vim /etc/pam.d/login #%PAM-1.0 auth required pam_tally2.so deny=3 lock_time=300 even_deny_root root_unlock_time=10
is also added in line 2!
3. Check the number of user login failures
The command is as follows:
#cd /etc/pam.d/ [root@node100 pam.d]# pam_tally2 --user root Login Failures Latest failure From root 7 07/16/12 15:18:22 tty1
4. Unlock the specified user
The command is as follows:
[root@node100 pam.d]# pam_tally2 -r -u root Login Failures Latest failure From
Recommended related video tutorials: linux video tutorial
The above is the detailed content of How to lock the user after entering the password incorrectly three times under centos7. For more information, please follow other related articles on the PHP Chinese website!