Welcome to the Linux Foundation Forum!

Lab 36.1 - Cannot get PAM working with SSH.


Lab 36.1 does not work and all attempts fail, including help from Google and other online resource.

I need help here. Whom can I contact?

It seems that PAM and SSH do not work great together.

Online resources suggest that the solution provided is not a good one in the lab (apart from the fact that no one can get it running).


  • Adam Cripps
    I can confirm that I'm having the same problem, running a stock ubuntu 14.04 machine in a virtualbox.
  • ultraninja
    ultraninja Posts: 20
    edited December 2015
    I also had the same battle on ubuntu 14.04 as you gents. Google to the rescue:
    Ubuntu how to faillog

    1) Apparently, the line order of the file is critical. in /etc/pam.d/sshd, you need to place the auth line above the @include common-auth. So it will apply the pam_tally2 rule first.

    # PAM configuration for the Secure Shell service
    # Standard Un*x authentication.
    auth required pam_tally2.so deny=3 onerr=fail
    @include common-auth

    2) The other change I had to make was to edit the /etc/ssh/sshd_config file. Change ChallengeResponseAuthentication from no to yes.
    ChallengeResponseAuthentication yes

    While you're in there be sure to verify "UsePAM yes". Mine was already yes.
    After those changes, my test account was locked after bad 3 attempts, and I was able to view and reset failed login tally with pam_tally2.


Upcoming Training