sudo issuing timeout after incorrect password entry

talowicz · 2025-01-29 05:02:47

I find myself mistyping my password frequently (forgive me, i'm only human), and when doing so sudo prevents me from retrying for ~3 secs. This can be frustrating and leads me to CTRL+C'ing the command to save time, only to be met with
another ~3 second delay until I am back into a usable shell. I have used ubuntu in the past and do not have this problem. There must be a configuration file I am not privvy to lol. Could someone please shed some light on this

TL;DR
How do I remove the timeout sudo throws when I enter my password wrong, aswell as being able to CTRL+C without it taking another 3 secs.

Thanks in advance.

mpan · 2025-01-29 08:21:17

This is controlled by PAM. The “/etc/pam.d/sudo” file to be specific, which includes “/etc/pam.d/system-auth”. There are two entries there responsible for the delays:

…
auth       [success=1 default=bad]     pam_unix.so          try_first_pass nullok
auth       [default=die]               pam_faillock.so      authfail
…

pam_unix is responsible for the authentication attempt delays, pam_faillock for the final delay on a complete fail (or bailing out).

AFAIK there is no way to control the delay. But both offer an option to disable it: `nodelay`. For pam_unix you need to append the option to the options (last column). For faillock you set it in faillock.conf. Remember that this change affects all local logon attempts over PAM.

If this is just your local, home computer, an additional remedy for fat fingers may be setting `deny` to some absurd high value (999) and `fail_interval` to 1 (second) in faillock.conf. If faillock kicks in, you’ll not be locked out of your machine for 15 minutes. If this is a laptop you take to other places, that change may still be fine.

Last edited by mpan (2025-01-29 08:29:24)

Arch Linux

#1 2025-01-29 05:02:47

sudo issuing timeout after incorrect password entry

#2 2025-01-29 08:21:17

Re: sudo issuing timeout after incorrect password entry

Board footer