vrandom yet another random IT blog

Unlock user account

Overview

It's not uncommon for an account to become locked out, either through user error or a configuration issue (for example, a monitoring service using an out-of-date credential). The steps below reset a user account which has become locked out. This isn’t new information, and there are various KBs detailing this, but I’m just including it as it was a step in the vROps 6.1 enable ssh post.

The issue

Looking at the /var/log/auth.log file on a vROps 6.1 appliance you may see log lines such as the below:

[~]$ tail /var/log/auth.log
2015-09-15T10:59:53+00:00 localhost sshd[9689]: pam_tally2(sshd:auth): user root (0) tally 18, deny 3
2015-09-15T10:59:56+00:00 localhost sshd[9689]: Failed password for root from 10.x.xxx.xxx port 50118 ssh2
2015-09-15T10:59:56+00:00 localhost sshd[9689]: Failed password for root from 10.x.xxx.xxx port 50118 ssh2
2015-09-15T10:59:57+00:00 localhost sshd[9689]: Connection closed by 10.x.xxx.xxx [preauth]
2015-09-15T10:59:57+00:00 localhost sshd[9689]: Connection closed by 10.x.xxx.xxx [preauth]


Or on a VCSA 6.0 you might see something like this in /var/log/messages.log:

2015-09-15T12:42:15.445905+00:00 vcsa01 python: pam_tally2(passwd:auth): user root (0) tally 6, deny 3
2015-09-15T12:42:18.795515+00:00 vcsa01 python: pam_tally2(passwd:auth): user root (0) tally 6, deny 3
2015-09-15T12:42:24.392723+00:00 vcsa01 sshd[27626]: pam_mgmt_cli(sshd:auth): Failed to authenticate with applmgmt service, service not responding (253)
2015-09-15T12:42:24.413172+00:00 vcsa01 sshd[27626]: pam_tally2(sshd:auth): user root (0) tally 6, deny 3

This means the pam_tally2 PAM module has locked you out due to failed password attempts (“tally X, deny Y” - “you’ve had X attempts, you’re only allowed Y”). So let's use the pam_tally2 command to list where these came from and reset the count:

vrops-appliance:~ $ pam_tally2 --user=root
Login           Failures Latest failure     From
root                4    09/15/15 12:19:30  10.xx.xx.xx
vrops-appliance:~ $ pam_tally2 --user=root
Login           Failures Latest failure     From
root                4    09/15/15 12:19:30  10.xx.xx.xx
vrops-appliance:~ $ pam_tally2 --user=root --reset
Login           Failures Latest failure     From
root                4    09/15/15 12:19:30  10.xx.xx.xx
vrops-appliance:~ $ pam_tally2 --user=root
Login           Failures Latest failure     From
root                0

You should now be able to authenticate again.
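
Before resetting a counter it is worth checking which accounts are locked and where the failed attempts came from, since an unexpected source address points to password guessing rather than a stale credential. The following is an added example, not part of the original post: the function names and the sample log lines are constructed for illustration, in the same format as the auth.log excerpt above.

```sh
#!/bin/sh
# Added example: triage pam_tally2 lockouts from an sshd auth log on stdin.
# sample_log holds constructed lines; addresses are documentation ranges.
sample_log() {
cat <<'EOF'
2015-09-15T10:59:50+00:00 localhost sshd[9689]: Failed password for root from 192.0.2.10 port 50118 ssh2
2015-09-15T10:59:53+00:00 localhost sshd[9689]: pam_tally2(sshd:auth): user root (0) tally 4, deny 3
2015-09-15T10:59:56+00:00 localhost sshd[9689]: Failed password for root from 192.0.2.10 port 50118 ssh2
2015-09-15T11:02:10+00:00 localhost sshd[9702]: Failed password for root from 192.0.2.77 port 41022 ssh2
2015-09-15T11:02:11+00:00 localhost sshd[9702]: pam_tally2(sshd:auth): user root (0) tally 5, deny 3
EOF
}

# Latest "tally X, deny Y" per user; access is denied once tally exceeds deny.
tally_summary() {
    awk '
    /pam_tally2\(/ && / tally [0-9]+, deny [0-9]+/ {
        user = ""
        for (i = 1; i < NF; i++) {
            if ($i == "user")  user = $(i + 1)
            if ($i == "tally") { tally = $(i + 1); sub(/,/, "", tally) }
            if ($i == "deny")  deny = $(i + 1)
        }
        if (user != "") { t[user] = tally + 0; d[user] = deny + 0 }
    }
    END {
        for (u in t)
            printf "%s tally=%d deny=%d %s\n", u, t[u], d[u], (t[u] > d[u]) ? "LOCKED" : "ok"
    }' | sort
}

# Count sshd "Failed password for <user> from <addr>" lines per user and address.
failure_sources() {
    awk '
    /sshd\[[0-9]+\]: Failed password for / {
        for (i = 2; i < NF; i++)
            if ($i == "from") { user = $(i - 1); addr = $(i + 1) }
        count[user " " addr]++
    }
    END { for (k in count) printf "%s %d\n", k, count[k] }' | sort
}

echo "== lockout state =="
sample_log | tally_summary
echo "== failed-password sources =="
sample_log | failure_sources
```

On an appliance, feed the functions the real file instead of the sample, for example `tally_summary < /var/log/auth.log`.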

References

There are numerous KBs relating to various VMware products which detail the above process, including:

FIN