Debian 8 jessie.
The goal is to block SSH logins with multiple incorrect password tries. I've added these lines to my /etc/pam.d/sshd file:
auth optional pam_echo.so Before sshd pam_tally
auth required pam_tally2.so file=/var/log/tallylog deny=3 audit _onerr_=fail
auth optional pam_echo.so After sshd pam_tally
I receive the pam_echo lines OK. But no matter what, failed passwords never increment the pam_tally2 failure count. "UsePAM yes" is specified in /etc/ssh/sshd_config. This must be the wrong location for pam_tally2.so but experiments haven't helped me find the right location. Has someone a working configuration they would share? Many thanks....Nick