Lab 36.1 - Cannot get PAM working with SSH.

Elyas

Lab 36.1 does not work and all attempts fail, including help from Google and other online resource.

I need help here. Whom can I contact?

It seems that PAM and SSH do not work great together.

Online resources suggest that the solution provided is not a good one in the lab (apart from the fact that no one can get it running).

Adam Cripps

I can confirm that I'm having the same problem, running a stock ubuntu 14.04 machine in a virtualbox.

ultraninja

I also had the same battle on ubuntu 14.04 as you gents. Google to the rescue:
Ubuntu how to faillog

1) Apparently, the line order of the file is critical. in /etc/pam.d/sshd, you need to place the auth line above the @include common-auth. So it will apply the pam_tally2 rule first.

/etc/pam.d/sshd

# PAM configuration for the Secure Shell service

# Standard Un*x authentication.
auth required pam_tally2.so deny=3 onerr=fail
@include common-auth

2) The other change I had to make was to edit the /etc/ssh/sshd_config file. Change ChallengeResponseAuthentication from no to yes.
/etc/ssh/sshd_config

ChallengeResponseAuthentication yes

While you're in there be sure to verify "UsePAM yes". Mine was already yes.
After those changes, my test account was locked after bad 3 attempts, and I was able to view and reset failed login tally with pam_tally2.