SSH key and pam_tally

I’ve recently managed to lock myself out from my own server. My ssh key worked, but I couldn’t sudo to administer the server.

It happened after changing my expired password, I tried to sudo with my old one and tallied out after 5 attempts. I couldn’t unlock it even after the timeout has long expired. I’ve changed my password and still couldn’t sudo.

It took me a while to figure out that I was an idiot. The key (literally) was the ssh connection I used. Since it used the certificate to identify myself to the server my login didn’t (and shouldn’t)  reset the tally count. As the ssh session has tallied out it didn’t expire.

The simple solution was to log out and reconnect with password authentication.

Note to self, password change or login through webmin didn’t reset the password tally either.

Leave a Reply

Your email address will not be published. Required fields are marked *