title: 60.CentOS8 ssh login locked for 5 minutes after 5 failed attempts
CreateTime: 2020-09-19 00:00:00
UpdateTime: 2020-09-19 00:00:00
CategoryName: web
---

---
title: "60.CentOS8 ssh login locked for 5 minutes after 5 failed attempts"
date: 2020-09-19T00:00:00+08:00
draft: false
tags: ["ssh"]
categories: ["web"]
author: "springrain"
---

## Login policy

This post sets up CentOS 8 so that an ssh account is locked for 5 minutes after 5 failed login attempts.

The `pam_tally2` module is deprecated in CentOS 8; the `pam_faillock` module replaces it.

Edit `/etc/pam.d/system-auth` and `/etc/pam.d/password-auth`. Both files are symlinks, so back up the original files first.

```
# Back up the original files before editing
cp -rf /etc/authselect/system-auth /etc/authselect/system-auth.bak
cp -rf /etc/authselect/password-auth /etc/authselect/password-auth.bak

# Add the following lines to the corresponding sections of /etc/pam.d/system-auth and /etc/pam.d/password-auth:
auth        required      pam_faillock.so preauth silent even_deny_root audit deny=5 unlock_time=300
auth        sufficient    pam_unix.so nullok try_first_pass
auth        [default=die] pam_faillock.so authfail even_deny_root audit deny=5 unlock_time=300
account     required      pam_faillock.so
```

1. `auth required pam_faillock.so preauth silent audit deny=5` must come first.
2. Pay attention to the order in which these lines appear in the file; if the order is wrong, even root may be unable to log in.
3. If root should be locked as well, add the `even_deny_root` option to the `pam_faillock` entries.

The edited `system-auth` looks like this:

![system-auth](/public/60/system-auth.jpg)

The edited `password-auth` looks like this:

![password-auth](/public/60/password-auth.jpg)

## Common commands

```shell
# Show the failed login count for all users
faillock

# Show only the root user
faillock --user root

# Unlock all users
faillock --reset

# Unlock a single user
faillock --user root --reset

# Other options
faillock --help
```
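Because a wrong line order can lock out every account including root, it is worth checking the edited file before logging out of the session. The script below is an added example, not part of the original post: it verifies that a PAM stack has the `preauth` line before `pam_unix.so`, the `authfail` line after it, an `account` line for `pam_faillock.so`, and `deny=5 unlock_time=300` on both faillock auth lines. The two sample files it writes are constructed here for demonstration; point `check_faillock_order` at `/etc/pam.d/system-auth` or `/etc/pam.d/password-auth` to check the real files.

```shell
#!/bin/sh
# Added example (not from the original post): validate the pam_faillock
# ordering for the "deny=5, unlock_time=300" policy in a PAM service file.

# check_faillock_order FILE
# Returns 0 when FILE is ordered correctly, 1 otherwise.
check_faillock_order() {
    file="$1"
    # Line numbers of the three auth entries we care about (first match each)
    pre=$(grep -n '^auth[[:space:]].*pam_faillock\.so[[:space:]].*preauth' "$file" | head -n1 | cut -d: -f1)
    unix=$(grep -n '^auth[[:space:]].*pam_unix\.so' "$file" | head -n1 | cut -d: -f1)
    fail=$(grep -n '^auth[[:space:]].*pam_faillock\.so[[:space:]].*authfail' "$file" | head -n1 | cut -d: -f1)
    acct=$(grep -c '^account[[:space:]].*pam_faillock\.so' "$file")

    # All three auth lines must exist
    [ -n "$pre" ] && [ -n "$unix" ] && [ -n "$fail" ] || return 1
    # preauth must precede pam_unix, and authfail must follow it
    [ "$pre" -lt "$unix" ] && [ "$unix" -lt "$fail" ] || return 1
    # The account stack must also call pam_faillock
    [ "$acct" -ge 1 ] || return 1
    # Both faillock auth lines must carry the lockout parameters
    for n in "$pre" "$fail"; do
        line=$(sed -n "${n}p" "$file")
        case "$line" in *deny=5*) ;; *) return 1 ;; esac
        case "$line" in *unlock_time=300*) ;; *) return 1 ;; esac
    done
    return 0
}

# Constructed sample: correctly ordered stack (prints the temp file path)
make_good_sample() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
auth        required      pam_env.so
auth        required      pam_faillock.so preauth silent even_deny_root audit deny=5 unlock_time=300
auth        sufficient    pam_unix.so nullok try_first_pass
auth        [default=die] pam_faillock.so authfail even_deny_root audit deny=5 unlock_time=300
auth        required      pam_deny.so
account     required      pam_faillock.so
account     required      pam_unix.so
EOF
    printf '%s\n' "$f"
}

# Constructed sample: preauth placed after pam_unix, which defeats the lockout
make_bad_sample() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        required      pam_faillock.so preauth silent even_deny_root audit deny=5 unlock_time=300
auth        [default=die] pam_faillock.so authfail even_deny_root audit deny=5 unlock_time=300
auth        required      pam_deny.so
account     required      pam_faillock.so
account     required      pam_unix.so
EOF
    printf '%s\n' "$f"
}

# Usage: sh check_faillock.sh /etc/pam.d/system-auth
if [ -n "${1:-}" ]; then
    if check_faillock_order "$1"; then
        echo "$1: pam_faillock ordering OK"
    else
        echo "$1: pam_faillock ordering WRONG, fix before logging out"
    fi
fi
```

Run it against both `/etc/pam.d/system-auth` and `/etc/pam.d/password-auth`, ideally from a second root session that stays open until the check passes.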