summaryrefslogtreecommitdiff
path: root/source/n/openssh/sshd.pam
diff options
context:
space:
mode:
Diffstat (limited to 'source/n/openssh/sshd.pam')
-rw-r--r--source/n/openssh/sshd.pam23
1 files changed, 14 insertions, 9 deletions
diff --git a/source/n/openssh/sshd.pam b/source/n/openssh/sshd.pam
index 0c465192..570412d6 100644
--- a/source/n/openssh/sshd.pam
+++ b/source/n/openssh/sshd.pam
@@ -3,12 +3,17 @@
# protecting itself. You may uncomment it if you like, but then you may
# need to add additional consoles to /etc/securetty if you want to allow
# root logins on them, such as: ssh, pts/0, :0, etc
-#auth required pam_securetty.so
-auth include system-auth
-auth include postlogin
-account required pam_nologin.so
-account include system-auth
-password include system-auth
-session include system-auth
-session include postlogin
-session required pam_loginuid.so
+#auth required pam_securetty.so
+# To set a limit on failed authentications, the pam_tally2 module
+# can be enabled. See pam_tally2(8) for options.
+#auth required pam_tally2.so deny=4 unlock_time=1200
+auth include system-auth
+auth include postlogin
+# Also uncomment this line to use pam_tally2:
+#account required pam_tally2.so
+account required pam_nologin.so
+account include system-auth
+password include system-auth
+session include system-auth
+session include postlogin
+session required pam_loginuid.so