How To Reset Sudo Password Lockout

Entering a password incorrectly too many times happens to all of us. It could be entering the desktop or running a sudo command from the command line as a user. After 3 failed attempts sudo will lock that user account from logging in for a period.

Here’s how to reset sudo so they can log in again immediately. Here is me deliberately entering an incorrect password three times for user :

$ sudo -i
[sudo] password for <USER>:
Sorry, try again.
[sudo] password for <USER>:
Sorry, try again.
[sudo] password for <USER>:
sudo: 3 incorrect password attempts

This will also print a lines like the following to the systemd journal:

sudo[21979]: pam_faillock(sudo:auth): Consecutive login failures for user <USER> account temporarily locked
sudo[21979]:   <USER> : 3 incorrect password attempts ; TTY=pts/3 ; PWD=/root ; USER=root ; COMMAND=/bin/bash

First, the following command (run as root) will show you any accounts that are currently locked:

# faillock --user <USER>
When                Type  Source                                           Valid
2023-05-13 13:39:10 TTY   /dev/pts/3                                           V
2023-05-13 13:39:13 TTY   /dev/pts/3                                           V
2023-05-13 13:39:15 TTY   /dev/pts/3                                           V

Simply unlock them with the following command, again as root:

# faillock --user <USER> --reset

The user is now unlocked and can login and/or run sudo again.

The user can also be unlocked by deleteing the lock file that sudo checks to do the same:

# rm /var/run/faillock/<USER>