Based on the suggestion given in:
Account Lockout with pam_tally2 in RHEL6
I have come to a working configuration, wherein the account is getting locked out after 3 failed logins.
The catch is that the pam_tally counter is getting incremented by one even before I enter the password, i.e. just when I enter the username. The behaviour is like:
Open SSH client, enter username, tally counter increments by one, enter password, tally counter increments again by one in case of a wrong password or resets back to zero in case of the right one.
This is leading to the behavior posted by the OP in the original thread, but the difference is that the same suggested changes aren't working on my RHEL6 anymore.
Some snippets from password-auth:
auth required pam_env.so
auth required pam_tally2.so deny=3 unlock_time=3600 audit
auth sufficient pam_unix.so
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_localuser.so
account required pam_tally2.so
/pam.d/sshd
auth required pam_sepermit.so
auth include password-auth
account required pam_nologin.so
account required pam_tally2.so
account include password-auth
password include password-auth
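
An added example, not part of the original post: a minimal Python walker for the two stacks quoted above, using the documented meaning of the required, requisite, sufficient and include control values, to list which modules are invoked and in what order. The config text is copied from the post; the `expand` and `walk` helpers and the `failing` outcome sets are assumptions made for illustration.

```python
# Added example: walk the PAM stacks quoted in the post (not PAM's own code).
# Config text is copied from the post; module outcomes are assumed by the caller.
FILES = {
    "password-auth": """\
auth required pam_env.so
auth required pam_tally2.so deny=3 unlock_time=3600 audit
auth sufficient pam_unix.so
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_localuser.so
account required pam_tally2.so
""",
    "sshd": """\
auth required pam_sepermit.so
auth include password-auth
account required pam_nologin.so
account required pam_tally2.so
account include password-auth
password include password-auth
""",
}

def expand(service, mtype):
    """Return (control, module) pairs for one type, with `include` inlined."""
    out = []
    for line in FILES[service].splitlines():
        kind, control, module = line.split()[:3]
        if kind != mtype:
            continue
        if control == "include":
            out += expand(module, mtype)   # include pulls in lines of the same type
        else:
            out.append((control, module))
    return out

def walk(service, mtype, failing=()):
    """Run the stack; modules in `failing` return an error. Returns (invoked, ok)."""
    invoked, ok = [], True
    for control, module in expand(service, mtype):
        invoked.append(module)
        failed = module in failing
        if failed and control in ("required", "requisite"):
            ok = False
            if control == "requisite":
                break          # requisite failure ends the stack at once
        elif not failed and control == "sufficient" and ok:
            break              # sufficient success ends the stack at once
    return invoked, ok
```

In the auth stack `pam_tally2.so` is always invoked before `pam_unix.so` checks the password. For a local user, `walk("sshd", "account")` stops at `pam_localuser.so`, so the `account required pam_tally2.so` line in password-auth is not reached and only the one in sshd runs.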