I've set it to 4 to get 3 login attempts : n22 /proc/net/xt_recent # grep MaxAuthTries /etc/ssh/sshd_config MaxAuthTries 4 Reproducible: Always
are you using ssh keys too ? iirc, each key counts as an attempt.
of course - PEBKAC
I can reproduce this without ssh keys. From sshd_config on box137: RSAAuthentication no PubkeyAuthentication no Moreover, ndadm@box137 ~ $ ls ~admin/.ssh known_hosts But ndadm@box137 ~ $ sudo pam_tally2 --user admin Login Failures Latest failure From admin 0 nshulman@nvsasus:~ $ ssh admin@192.168.23.137 Password: (I have typed nothing.) ndadm@box137 ~ $ sudo pam_tally2 --user admin Login Failures Latest failure From admin 1 06/06/11 18:10:24 192.168.20.31 Continuing with empty passwords: Password: Password: Permission denied (keyboard-interactive). ndadm@box137 ~ $ sudo pam_tally2 --user admin Login Failures Latest failure From admin 3 06/06/11 18:14:51 192.168.20.31 nshulman@nvsasus:~ $ ssh admin@192.168.23.137 Password: Password: Account locked due to 6 failed logins Password: (Nothing typed.) ndadm@box137 ~ $ sudo pam_tally2 --user admin Login Failures Latest failure From admin 6 06/06/11 18:15:30 192.168.20.31