SSH login works even though user account is locked. - Red Hat Customer Portal

Issue

SSH login works even though the user account is locked.
When a local user account gets locked for any reason (either due to too many login failures when using pam_tally2 or pam_faillock module, or explicitly locked using usermod -L or passwd -l), SSH login for that user continues to succeed.

NOTE: Issue is specific to local user accounts, not IdM users or AD users in an IPA-AD trust environment.

Environment

Red Hat Enterprise Linux 7.x
SSH
Local user account locked by one of pam_tally2, pam_faillock, usermod -L or passwd -l.

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content

Quick Links

Help

Site Info

Related Sites

Copyright © 2025 Red Hat

Here are the common uses of Markdown.

Code blocks

~~~
Code surrounded in tildes is easier to read
~~~

Links/URLs

[Red Hat Customer Portal](https://access.redhat.com)