Pam_tally2 is an account locking module for unix that will lock out an account for to many logins, you can use programs like fail2ban/csf to block the IP if it’s a remote service and it’s supported but┬áthere are cases where you may just wish to lock out that user instead (E.g if you know the IP is shared, or part of a multi-layered approach) — The post by┬áBembot is mostly correct other than the typo it’s not pal_tally2

I also adjusted the timeout and got rid of magicroot.


auth required deny=3 unlock_time=xxxx


account required deny=3 unlock_time=xxxx

Replace 3 with the desired threshold and xxxx with the time in seconds