Welcome to the Linux Foundation Forum!

Lab 36.1 - Cannot get PAM working with SSH.

Elyas
Elyas Posts: 28
in LFS201 Class Forum

Lab 36.1 does not work and all attempts fail, including help from Google and other online resource.

I need help here. Whom can I contact?

It seems that PAM and SSH do not work great together.

Online resources suggest that the solution provided is not a good one in the lab (apart from the fact that no one can get it running).

Comments

  • Adam Cripps
    Adam Cripps Posts: 3
    I can confirm that I'm having the same problem, running a stock ubuntu 14.04 machine in a virtualbox.
  • ultraninja
    ultraninja Posts: 20
    edited December 2015
    I also had the same battle on ubuntu 14.04 as you gents. Google to the rescue:
    Ubuntu how to faillog

    1) Apparently, the line order of the file is critical. in /etc/pam.d/sshd, you need to place the auth line above the @include common-auth. So it will apply the pam_tally2 rule first.

    /etc/pam.d/sshd 
    # PAM configuration for the Secure Shell service

# Standard Un*x authentication.
auth required pam_tally2.so deny=3 onerr=fail
@include common-auth

    2) The other change I had to make was to edit the /etc/ssh/sshd_config file. Change ChallengeResponseAuthentication from no to yes.
    /etc/ssh/sshd_config 
    ChallengeResponseAuthentication yes

    While you're in there be sure to verify "UsePAM yes". Mine was already yes.
    After those changes, my test account was locked after bad 3 attempts, and I was able to view and reset failed login tally with pam_tally2.

Categories

Upcoming Training