Pam_tally2 is an account locking module for unix that will lock out an account for to many logins, you can use programs like fail2ban/csf to block the IP if it’s a remote service and it’s supported but there are cases where you may just wish to lock out that user instead (E.g if you know the IP is shared, or part of a multi-layered approach)
http://ubuntuforums.org/showthread.php?t=2295409&page=2 — The post by Bembot is mostly correct other than the typo it’s pam_tally2.so not pal_tally2
I also adjusted the timeout and got rid of magicroot.
auth required pam_tally2.so deny=3 unlock_time=xxxx
account required pam_tally2.so deny=3 unlock_time=xxxx
Replace 3 with the desired threshold and xxxx with the time in seconds