How to lock the user after entering the password incorrectly three times under centos7-CentOS-php.cn

How to lock the user after entering the password incorrectly three times under centos7

王林

Release： 2020-03-30 09:42:08

Original

4471 people have browsed it

How to lock the user after entering the password incorrectly three times under centos7

The specific method is as follows:

1. Restrict users from remote login

Add content below #%PAM-1.0, that is, the second line , must be written in the front. If it is written in the back, although the user is locked, he can still log in as long as he enters the correct password!

# vim /etc/pam.d/sshd
#%PAM-1.0  
auth required pam_tally2.so deny=3 unlock_time=300 even_deny_root root_unlock_time=10

Copy after login

Parameter explanation:

even_deny_root also restricts the root user;

deny sets the maximum number of consecutive incorrect logins for ordinary users and root users. If the maximum number is exceeded, the user will be locked. ;

unlock_time sets the time after which the ordinary user is unlocked, the unit is seconds;

root_unlock_time sets the time after which the root user is unlocked, the unit is seconds;

The pam_tally2 module is used here. If pam_tally2 is not supported, you can use the pam_tally module. In addition, different pam versions may have different settings. For specific usage methods, please refer to the usage rules of the relevant modules.

(Recommended tutorial: centos tutorial)

2. Restrict users to log in from tty

Under #%PAM-1.0, That is, the second line, the added content, must be written in front. If it is written in the back, although the user is locked, as long as the user enters the correct password, he can still log in!

# vim /etc/pam.d/login
#%PAM-1.0  
 auth required pam_tally2.so deny=3 lock_time=300 even_deny_root root_unlock_time=10

Copy after login

is also added in line 2!

3. Check the number of user login failures

The command is as follows:

#cd /etc/pam.d/
[root@node100 pam.d]# pam_tally2 --user root    
Login Failures Latest failure From  
root 7 07/16/12 15:18:22 tty1

Copy after login

4. Unlock the specified user

The command is as follows:

[root@node100 pam.d]# pam_tally2 -r -u root  
Login Failures Latest failure From

Copy after login

Recommended related video tutorials: linux video tutorial

The above is the detailed content of How to lock the user after entering the password incorrectly three times under centos7. For more information, please follow other related articles on the PHP Chinese website!