1. Edit the PAM configuration file

    sudo vim /etc/pam.d/login

On the second line, add:

    auth required pam_tally2.so deny=3 unlock_time=5 even_deny_root root_unlock_time=10

Parameter introduction

even_deny_root: also restricts the root user;
deny: sets the maximum number of consecutive incorrect logins for ordinary users and the root user. If the maximum is exceeded, the user is locked out;
unlock_time: sets how long after being locked an ordinary user is unlocked, in seconds;
root_unlock_time: sets how long after being locked the root user is unlocked, in seconds.

The pam_tally2 module is used here. If pam_tally2 is not supported, you can use the pam_tally module. In addition, different PAM versions may have different settings. For specific usage, refer to the documentation of the relevant module.

Notice

The line goes on the second line because it must be written at the front of the file. If it is written at the end, then although the user is locked, he can still log in as long as he enters the correct password!

2. Modify the sshd file

The change above only restricts users logging in from a tty; it does not restrict remote login. To restrict remote login, you need to modify the sshd file.

    sudo vim /etc/pam.d/sshd

Again, add on the second line:

    auth required pam_tally2.so deny=3 unlock_time=5 even_deny_root root_unlock_time=10

View the number of failed login attempts:

    sudo pam_tally2 --user

Result:

    ubuntu@VM-0-5-ubuntu:~$ sudo pam_tally2 --user
    Login           Failures Latest failure     From
    root                3    09/29/19 15:53:24  45.119.212.105
    ubuntu              9    09/29/19 15:46:58  223.107.140.84

Unlock the specified user:

    sudo pam_tally2 -r -u ubuntu

    ubuntu@VM-0-5-ubuntu:~$ sudo pam_tally2 -r -u ubuntu
    Login           Failures Latest failure     From
    ubuntu             15    09/29/19 15:58:49  223.107.140.84

PS: When using remote ssh, I entered the wrong password more than three times but there was no prompt. I was using Xshell and I don't know if other terminals have prompts, but as long as the set value is exceeded, I cannot log in even if I enter the correct password! The alternative is to wait until the set time has passed and then enter the correct password again for login authentication.

Summary

The above is my introduction to how a Linux (Ubuntu) system is automatically locked for X minutes when a user enters an incorrect password N times in a row at login. I hope it is helpful to you. If you have any questions, please leave me a message and I will reply in time.
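The placement rule from the Notice in step 1, as an added example that is not part of the original article: a Python check that reads the contents of a PAM file and reports when the pam_tally2 line sits behind another auth entry. It assumes the Debian/Ubuntu layout in which `@include common-auth` performs the password check; the function name `audit_pam_tally2` and the sample file contents are constructed for illustration.

```python
# Constructed sample contents for /etc/pam.d/sshd (not from a real host).
TALLY = "auth required pam_tally2.so deny=3 unlock_time=5 even_deny_root root_unlock_time=10\n"
AT_FRONT = "# PAM configuration for sshd\n" + TALLY + "@include common-auth\naccount required pam_nologin.so\n"
AT_END = "# PAM configuration for sshd\n@include common-auth\naccount required pam_nologin.so\n" + TALLY


def audit_pam_tally2(text):
    """Return (options, problems) for the contents of one /etc/pam.d file."""
    options, problems, earlier_auth = None, [], None
    for number, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on blanks
        if not fields:
            continue
        # Assumption: Debian/Ubuntu layout, where the password check is pulled
        # in with "@include common-auth"; that line counts as an auth entry.
        is_auth = fields[0].lstrip("-") == "auth" or fields[:2] == ["@include", "common-auth"]
        if not is_auth:
            continue
        module = next((i for i, f in enumerate(fields) if f.endswith("pam_tally2.so")), None)
        if module is None:
            if options is None and earlier_auth is None:
                earlier_auth = number  # an auth entry that runs before pam_tally2
            continue
        if options is not None:
            continue  # only the first pam_tally2 line is audited
        options = {}
        for arg in fields[module + 1:]:
            key, _, value = arg.partition("=")
            options[key] = int(value) if value.isdigit() else (value or True)
        if earlier_auth is not None:
            problems.append(f"line {number}: pam_tally2 comes after the auth entry on line {earlier_auth}")
    if options is None:
        return None, ["no auth line loads pam_tally2.so"]
    if "deny" not in options:
        problems.append("deny= is not set, so no failure limit applies")
    if "even_deny_root" not in options:
        problems.append("even_deny_root is missing, so root is not restricted")
    return options, problems


if __name__ == "__main__":
    for name, text in (("at front", AT_FRONT), ("at end", AT_END)):
        print(name, audit_pam_tally2(text))
```

To audit a live system, pass the text of /etc/pam.d/login and /etc/pam.d/sshd to the function after each edit.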