1. /etc/pam.d/login 修改
主要是这段代码, 放在第二行
auth required pam_tally2.so deny=5 lock_time=300 even_deny_root root_unlock_time=300
deny:连续错误次数
lock_time:锁定时间 单位秒
even_deny_root root_unlock_time=300 这2个是root用户的配置
#%PAM-1.0
###
auth required pam_tally2.so deny=5 lock_time=300 even_deny_root root_unlock_time=300
auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
auth substack system-auth
auth include postlogin
2 /etc/pam.d/system-auth 最后添加2行
auth required pam_tally.so onerr=fail no_magic_root
account required pam_tally.so deny=5 unlock_time=300 root_unlock_time=300 no_magic_root even_deny_root_account per_user reset
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
session required pam_unix.so
auth required pam_tally.so onerr=fail no_magic_root
account required pam_tally.so deny=5 unlock_time=300 root_unlock_time=300 no_magic_root even_deny_root_account per_user reset
以上是控制tty 登录,并没有设置sshd
3 /etc/pam.d/sshd 修改
主要是这一行 auth required pam_tally2.so deny=5 unlock_time=300 even_deny_root root_unlock_time=300
#%PAM-1.0
auth required pam_tally2.so deny=5 unlock_time=300 even_deny_root root_unlock_time=300
auth required pam_sepermit.so
auth substack password-auth
4 /etc/ssh/sshd_config 修改
##最大连续出错5次
sed -i "s/#MaxAuthTries 6/MaxAuthTries 5/" /etc/ssh/sshd_config
## 空闲客户端保持5分钟
sed -i "s/#ClientAliveInterval 0/ClientAliveInterval 300/" /etc/ssh/sshd_config