- pam_faillock without silent option prints informative messages: "Account temporarily locked due to %d failed logins" and "(%d minutes left to unlock)" during a user is locked. However, ssh login doesn't.
Sample outputs of telnet and ssh logins.
$ telnet host1 Trying 10.1.1.1... Connected to host1. Escape character is '^]'. Kernel 4.18.0-240.el8.x86_64 on an x86_64 83t1 login: testuser Account temporarily locked due to 3 failed logins (10 minutes left to unlock) Password: telnet> quit Connection closed. $ ssh testuser@host1 testuser@host1's password:
man 5 faillock.conf
silent Don't print informative messages to the user. Please note that when this option is not used there will be difference in the authentication behavior for users which exist on the system and non-existing users.
- Red Hat Enterprise Linux 7
- Red Hat Enterprise Linux 8