1

The passwords on one of my CentOS boxes is no longer accepted by ssh or su for the user clipuser but that same password is accepted by passwd (after su'ing from root to the user).

/var/log/secure doesn't really have anything useful, here is the relevant log entries:

Feb 21 16:58:37 CLIP sshd[2448]: pam_tally3(sshd:auth): user clipuser (500) tally 31, deny 3
Feb 21 16:58:39 CLIP sshd[2448]: Failed password for clipuser from 172.16.66.239 port 33928 ssh2

Any ideas?

Jason Axelson
  • 334
  • 1
  • 5
  • 17

2 Answers2

5

Seems like your clipuser account has been locked by the pam_tally module. You either have to wait for the unlock timer to expire, or manually run the pam_tally --reset command.

If that happened, then it can only be one thing: The password you used to login was not the password you set with passwd or you made a typo more than 3 times (or whatever the pam_tally retry count limit is set to in your pam.conf file).

You can do a man pam.conf to see more details about the config, or man pam_tally to read more on the command itself.

Yanick Girouard
  • 2,385
  • 1
  • 18
  • 19
  • +1 -- Also, I believe "tally 31, deny 3" means it has been entered incorrectly 31 times, and it is set to fail after 3 times. – Kyle Smith Feb 22 '12 at 04:43
  • Thanks! That was the problem, I must've entered the password wrong multiple times (very likely) although I was entering it correctly by the time I posted the question. I wish the pam tally question was more clear. – Jason Axelson Feb 22 '12 at 19:54
  • Also on this computer I need to run `pam_tally3` instead of just `pam_tally` – Jason Axelson Mar 09 '12 at 23:26
0

Sounds like your ssh config is blocking remote access for root and su is probably doing something similar locally. Double check all your configs.

Publiccert
  • 1,112
  • 1
  • 8
  • 22