Where to Unblock SSH Login without Restarting

Hi!

Nice to be hear and glad to be using Clear Linux!

I have a question about a behavior I’m getting right now when logging in via SSH. Right after installing I start up sshd and if I login via SSH it freezes after five failed attempts, and then if I try to connect to the server again it will not even connect and just times out. This is great, but where is it blocking the additional attempts to connect? If I restart the machine and restart sshd it will allow me to connect to the login prompt again, but I’d like to know where I can remove the block without restarting in the event I have to in the future.

I don’t see anything in the PAM directories that indicates the issue. There doesn’t even appear to be a deny statement for a certain number of login attempts. Does anyone know where I could find and unblock whatever is blocking my ability to connect after 5 unsuccessful attempts?

Best,
James

I’m answering my own question in case anyone else runs into this. This is a result of tallow writing an IPTables rule that excludes basically all external connections after 3 failed re-login attempts. Once this rule is written into ipset it lasts for 3600 seconds by default and you will then be able to attempt a login again.

To see if your IP is blocked:
# ipset list tallow

To unblock your IP:
# ipset del tallow [IP ADDRESS]

3 Likes

Yes, this is tallow working.

Note, you can whitelist addresses in tallow.conf to avoid it. Read man tallow.conf. Also, by default, tallow doesn’t block local lan address families (e.g. 192.168/16 and 10/8 etc.)

Does pam_tally --reset --user USERNAME work here?

No, because pam_tally isn’t the issue here. pam_tally prevents logins at the login level. You would see logins fail, but not time-outs.

Note, by default we do not have pam_tally enabled in clearlinux.

1 Like