ssh login with pam_faillock doesn't display "Account temporarily locked due to %d failed logins".

Solution Verified

Issue

  • Without the silent option, pam_faillock prints informative messages while a user is locked: "Account temporarily locked due to %d failed logins" and "(%d minutes left to unlock)". However, an ssh login does not display them.

Sample outputs of telnet and ssh logins.

$ telnet host1
Trying 10.1.1.1...
Connected to host1.
Escape character is '^]'.

Kernel 4.18.0-240.el8.x86_64 on an x86_64
83t1 login: testuser
Account temporarily locked due to 3 failed logins
(10 minutes left to unlock)
Password: 
telnet> quit
Connection closed.

$ ssh testuser@host1
testuser@host1's password: 

man 5 faillock.conf

       silent
           Don't print informative messages to the user. Please note that when this option is not used there will be difference in the
           authentication behavior for users which exist on the system and non-existing users.

Environment

  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux 8
  • pam
  • openssh
