Lab 36.1 - PAM module

Elyas

I use Ubuntu and try to follow the steps described in the lab.

I unfortunately cannot make use of PAM.

I inserted the lines that were given

auth required pam_tally2.so deny=3 onerr=fail
account required pam_tally2.so

into the /etc/pam.d/sshd file, but after three failed attempts I can login via SSH successfully. The command sudo pam_tally2 does not display anything neither.

Maybe I need to put the two lines in a proper place in the file (if the order does matter)?

Can anyone help me with that? Any advices?

Elyas

On CentOS 7 it just works as described in the lab.

I think I solved it on Ubuntu. You might need to adapt the /etc/ssh/sshd_config file.

First of all you should activate PAM for SSH:

UsePAM yes

Then you should make sure the following lines are as follows (I don't understand exactly why or what those lines do exactly, but it works that way):

ChallengeResponseAuthentication yes
PasswordAuthentication no

Once this is done simply follow the lab instructions and it should work as expected.

luisviveropena

Hi Elyas,

I'm glad that you were able to solve the issue. It's common to find some differences between distros, so be sure that you will find more within time.

You can find more information about PAM here:

http://www.linux-pam.org/Linux-PAM-html/Linux-PAM_SAG.html

Regards,
Luis.

dbuday

It doesn't solve it here.

I'm using Ubuntu 14.04 and have the same problem.

 

I've added those lines, but nothing happens.

pam_tally2 doesn't report any login Failures (counter is always at 0).

UsePAM yes is already uncommented in /etc/ssh/sshd_config (very last line)

I also tried restarting ssh service - no help there.

I tried loggging in console (tty3 - i always use 1 and 2) - nothing.

Any ideas?

luisviveropena

Hi, I'm going to do a test on Ubuntu 14.04 and I'll let you know what I found.

Regards,

Luis.

vam

ubuntu 14.04, openssh-server, confirmed not working

editing options doesn't work

Ajlinux

Hi

Hope you are well.

Do we have instruction updates on this.  Need to resolve this for the labs.

 

Thanks

AJ

luisviveropena

Hi,

I did the test on Ubuntu 14.04 and in fact it didn't work. I'll see if I can troubleshoot it. And as reported, pam_tally2 doesn't report any login issues.

Regards,

Luis.

luisviveropena

Hi,

I got it to work with the following _in the begining of the configuration file_ :

auth required pam_tally2.so deny=3 onerr=fail

@include common-auth

account required pam_tally2.so 

[...]

Regards,

Luis.

harrchen

While pam_tally2 -u username reports the failed logins, it doesn't actually lock the account for me.  Are you sure the configuration you used locks the account after 3 failed attempts? 

Thanks

Harry

harrchen

The above setting will report correctly the failed logins.  However, it doesn't really lock the account.  Are there any other files to be edited in addition to the sshd file?

Thanks.

Harry

luisviveropena

Hi,

Yes, it locked the account for me. In fact I was unable to connect by ssh and I received an error message.

Regards,

Luis.