[rty]

I followed the instruction found at https://wiki.archlinux.org/index.php/Se ... n_attempts by adding
$this->bbcode_second_pass_quote('', 'a')uth required pam_tally.so deny=2 unlock_time=600 onerr=succeed file=/var/log/faillog

[moonman]

pam_tally2 is not working for some reason... old package?

$this->bbcode_second_pass_code('', '[root@Arch Linux ARM install ~]# which pam_tally2
/sbin/pam_tally2
[root@Arch Linux ARM install ~]# /sbin/pam_tally2
/sbin/pam_tally2: No such file or directory
[root@Arch Linux ARM install ~]# file /sbin/pam_tally2
/sbin/pam_tally2: ELF 32-bit LSB executable, ARM, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.27, BuildID[sha1]=0x29f71e59ea318fb2fe19c4a8d4b787a10c1f0172, stripped')

[moonman]

I collected patches all over the place and recompiled the whole pam package and this one seems to work.

$this->bbcode_second_pass_code('', 'cd ~
wget http://music4dance.mine.nu/Downloads/ArchLinuxArm/pam-1.1.5-4-arm.pkg.tar.xz
pacman -U ./pam-1.1.5-4-arm.pkg.tar.xz')

Here are the pre-patched sources, I didn't create any patch files :
http://www.mediafire.com/file/52354jlrz ... .5.tar.bz2
http://www.mediafire.com/file/9ikqbnzfk ... .6.tar.bz2

[rty]

Thanks Moonman. I executed these lines below on my new GFH but it won't lock me out after three failed login attempts

$this->bbcode_second_pass_code('', 'cd ~
wget http://music4dance.mine.nu/Downloads/ArchLinuxArm/pam-1.1.5-4-arm.pkg.tar.xz
pacman -U ./pam-1.1.5-4-arm.pkg.tar.xz')

I put this line in /etc/pam.d/login
$this->bbcode_second_pass_code('', '
auth required pam_tally.so deny=2 unlock_time=150 onerr=succeed file=/var/log/faillog
')

[moonman]

This worked for me:
This line has to be first in auth section:
$this->bbcode_second_pass_code('', 'auth required pam_tally2.so deny=3 onerr=fail even_deny_root unlock_time=900')

This line needs to be the first in account section:
$this->bbcode_second_pass_code('', 'account required pam_tally2.so reset')

I didn't yet fully test this setup so be careful

[moonman]

Also how to test if it works:

Try logging in 3 times with an incorrect pass, then after you get kicked out, connect back to ssh and this time enter the CORRECT password. You will still be denied access for 15 (in my example 900s = 15m) minutes

[rty]

I tried to login five times with incorrect password and it still allows me to login on the sixth attempt with the correct password.

$this->bbcode_second_pass_code('', '
#%PAM-1.0

auth required pam_tally2.so deny=3 onerr=fail even_deny_root unlock_time=180
auth required pam_securetty.so
auth requisite pam_nologin.so
auth include system-local-login
account required pam_tally2.so reset
account include system-local-login
session include system-local-login
')

[moonman]

Ah, forgot to mention: the file i edited is /etc/pam.d/sshd and after editing reboot the plug.

[rty]

Thanks Moonman! Again, you are the man! The changes should be made on /etc/pam.d/sshd