ssh login with pam_faillock doesn't display "Account temporarily locked due to %d failed logins".
Issue
- pam_faillock without silent option prints informative messages: "Account temporarily locked due to %d failed logins" and "(%d minutes left to unlock)" during a user is locked. However, ssh login doesn't.
Sample outputs of telnet and ssh logins.
$ telnet host1
Trying 10.1.1.1...
Connected to host1.
Escape character is '^]'.
Kernel 4.18.0-240.el8.x86_64 on an x86_64
83t1 login: testuser
Account temporarily locked due to 3 failed logins
(10 minutes left to unlock)
Password:
telnet> quit
Connection closed.
$ ssh testuser@host1
testuser@host1's password:
man 5 faillock.conf
silent
Don't print informative messages to the user. Please note that when this option is not used there will be difference in the
authentication behavior for users which exist on the system and non-existing users.
Environment
- Red Hat Enterprise Linux 7
- Red Hat Enterprise Linux 8
- pam
- openssh
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.