SSH login works even though user account is locked.

Solution Verified - Updated -

Issue

  • SSH login works even though the user account is locked.
  • When a local user account gets locked for any reason (either due to too many login failures when using pam_tally2 or pam_faillock module, or explicitly locked using usermod -L or passwd -l), SSH login for that user continues to succeed.

NOTE: Issue is specific to local user accounts, not IdM users or AD users in an IPA-AD trust environment.

Environment

  • Red Hat Enterprise Linux 7.x
  • SSH
  • Local user account locked by one of pam_tally2, pam_faillock, usermod -L or passwd -l.

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content