Unlock a user in PAM (reset the failed-login counter)
pam_tally2 -r -u oracle
pam_tally2 -r -u root
Connect using an SSH key
Generate a key pair on the workstation
ssh-keygen    # press Enter three times to accept the defaults (default file, empty passphrase)
Copy the content of the public key
cat .ssh/id_rsa_xxx.pub
Paste it on the server for the "oracle" user
ssh oracle@172.33.77.x
mkdir .ssh
vi .ssh/authorized_keys    # insert the copied public key at the end of this file
Set correct permissions
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
exit
Paste it on the server for the "root" user
ssh root@172.33.77.x
mkdir .ssh
vi .ssh/authorized_keys    # insert the copied public key at the end of this file
Set correct permissions
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
exit
Check
ssh oracle@172.33.77.x    # should log in without a password
ssh root@172.33.77.x    # should log in without a password
Troubleshooting
chmod go-w ~    # remove group/other write permission on the home directory
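With StrictModes enabled (the sshd default), sshd checks the modes and ownership of the user's home directory and files before accepting a key login. The script below is an added example, not part of the original notes, and its function names are hypothetical. It reports a home directory that is group/other writable (the case chmod go-w ~ fixes) and a ~/.ssh or authorized_keys whose mode differs from the 700/600 set above.

```shell
#!/bin/sh
# Added example (hypothetical helper names): audit the permissions set above.

# Octal mode of a path: GNU stat first, BSD/macOS stat as fallback.
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Succeeds when neither group nor others can write (mode & 022 == 0).
not_group_other_writable() {
    m=$(mode_of "$1") || return 1
    [ $(( 0$m & 022 )) -eq 0 ]
}

# check_ssh_perms HOME_DIR
# Prints one line per finding and returns the number of findings (0 = OK).
check_ssh_perms() {
    home=$1
    findings=0
    # The "chmod go-w ~" fix: home must not be writable by group or others.
    if ! not_group_other_writable "$home"; then
        echo "FAIL $home is missing or writable by group/others (chmod go-w)"
        findings=$((findings + 1))
    fi
    # The modes the procedure sets: 700 on ~/.ssh, 600 on authorized_keys.
    for entry in ".ssh:700" ".ssh/authorized_keys:600"; do
        target=$home/${entry%%:*}
        want=${entry##*:}
        if [ ! -e "$target" ]; then
            echo "FAIL $target is missing"
            findings=$((findings + 1))
        elif [ "$(mode_of "$target")" != "$want" ]; then
            echo "FAIL $target has mode $(mode_of "$target"), expected $want"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Run against a home directory when one is given, e.g.: sh check.sh /home/oracle
if [ "$#" -gt 0 ]; then
    check_ssh_perms "$1"
fi
```

Run it on the server as the account owner or as root; it does not check file ownership, which sshd also verifies.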
Aliases on the workstation (Mac)
vi ~/.bash_profile
# alias s='ssh -2 -p 22 <user>@<host>'
#   -2     ssh2
#   -p 22  port 22
# alias scotch='ssh <user>@<host>'
# alias example2='ssh <user>@<host>'
# alias example3='ssh <user>@<host>.0 -p 56000'
# alias amazon1='ssh <user>@<host> -i /path/to/special/privatekey/amazon.pem'
###### Oracle DBs ######
# servername database
alias 1='ssh -X <user>@<host>'
alias 1r='ssh -X <user>@<host>'
To use, run:
1
1r
scotch
example2
example3
amazon1
source ~/.bash_profile    # apply the settings without reopening the terminal session
Deny remote connection as root
Important: Make sure you still have access to the server (physical, KVM or VMware console and so on) or another user with sudo privileges
vi /etc/ssh/sshd_config
# PermitRootLogin yes    -> uncomment this line and change it to:    PermitRootLogin no
systemctl restart sshd.service    # on systemd systems
service sshd restart    # or, on systems without systemd