Where to Unblock SSH Login without Restarting


Nice to be here and glad to be using Clear Linux!

I have a question about a behavior I’m getting right now when logging in via SSH. Right after installing I start up sshd and if I login via SSH it freezes after five failed attempts, and then if I try to connect to the server again it will not even connect and just times out. This is great, but where is it blocking the additional attempts to connect? If I restart the machine and restart sshd it will allow me to connect to the login prompt again, but I’d like to know where I can remove the block without restarting in the event I have to in the future.

I don’t see anything in the PAM directories that indicates the issue. There doesn’t even appear to be a deny statement for a certain number of login attempts. Does anyone know where I could find and unblock whatever is blocking my ability to connect after 5 unsuccessful attempts?


I’m answering my own question in case anyone else runs into this. This is a result of tallow writing an IPTables rule that excludes basically all external connections after 3 failed re-login attempts. Once this rule is written into ipset it lasts for 3600 seconds by default and you will then be able to attempt a login again.

To see if your IP is blocked:
# ipset list tallow

To unblock your IP:
# ipset del tallow [IP ADDRESS]
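
An added example, not part of the original post: a shell function that reads the output of `ipset list tallow` and reports whether one address is blocked and how many seconds the block has left. The function names and the sample listing are constructed for illustration. The sample follows the layout `ipset list` prints for a set with timeouts.

```shell
#!/bin/sh
# Constructed sample of `ipset list tallow` output (documentation addresses).
sample_ipset_output() {
cat <<'EOF'
Name: tallow
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536 timeout 3600
Size in memory: 312
References: 1
Number of entries: 2
Members:
203.0.113.7 timeout 3412
198.51.100.23 timeout 95
EOF
}

# tallow_block_status IP   (hypothetical helper name)
# Reads `ipset list` output on stdin. Prints "blocked <seconds-left>" and
# returns 0 if IP is a member; prints "not-blocked" and returns 1 otherwise.
tallow_block_status() {
    awk -v ip="$1" '
        /^Members:/ { in_members = 1; next }   # entries start after this line
        # Compare the whole first field as a string, so 203.0.113.7 does not
        # match 203.0.113.70 the way a plain substring search would.
        in_members && ($1 "") == (ip "") {
            left = "unknown"                   # set may have no timeouts
            for (i = 2; i < NF; i++)
                if ($i == "timeout") left = $(i + 1)
            print "blocked " left
            found = 1
            exit
        }
        END { if (!found) { print "not-blocked"; exit 1 } }
    '
}

# Demo on the constructed sample; prints: blocked 3412
sample_ipset_output | tallow_block_status 203.0.113.7

# On a live host, as root, feed it the real set and remove the entry if found:
#   ipset list tallow | tallow_block_status 203.0.113.7 && ipset del tallow 203.0.113.7
```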


Yes, this is tallow working.

Note, you can whitelist addresses in tallow.conf to avoid it. Read man tallow.conf. Also, by default, tallow doesn’t block local LAN address families (e.g. 192.168/16 and 10/8 etc.).

Does pam_tally --reset --user USERNAME work here?

No, because pam_tally isn’t the issue here. pam_tally prevents logins at the login level. You would see logins fail, but not time-outs.

Note, by default we do not have pam_tally enabled in clearlinux.

