How to prevent user from using old password (or re-using) again in Linux


In my last article I shared various methods to prevent brute force SSH attacks in Linux. Now we have a scenario where you wish to enforce a certain password restriction in your password policy. We wish to prevent user from using old password while assigning new password i.e. re-using old password when assigning new password.

How to prevent user from using old password (or re-using) again in Linux


Prevent user from using old password

For example I have used password "test123" so next time I assign new password, I will not be allowed to use "test123" again. But then till what history threshold will be keep this cap. Assuming I wish to prevent user from using old password (till 5th old password), older than 5th password can be used.

For example, below are the list of passwords I have assigned over the period of time for deepak user


So next time deepak user can re-use test1 as the password as it was the 6th old password but will not be allowed to use test2 as the new password.

To implement this restriction we must insert the following in /etc/pam.d/system-auth and /etc/pam.d/password-auth (after line):

password    requisite remember=5 use_authtok

From the man page of pam_unix

     When password changing enforce the module to set the new password to the one provided by a previously stacked password module

Let us see this live example. I will try to perform SSH using 'deepak' user. Since the password change is enforced to demonstrate this article, user 'deepak' must change his password.

[root@rhel-7 ~]# ssh deepak@
deepak@'s password:
You are required to change your password immediately (root enforced)
Last login: Sat Aug 31 18:05:47 2019 from
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user deepak.
Changing password for deepak.
(current) UNIX password:
New password:
Retype new password:
Password has been already used. Choose another.

If deepak attempts to use same old password, then he gets the highlighted error.


Lastly I hope the steps from the article to prevent user from using old password (or re-using) again in Linux was helpful. So, let me know your suggestions and feedback using the comment section.


If my articles on GoLinuxCloud has helped you, kindly consider buying me a coffee as a token of appreciation.

Buy GoLinuxCloud a Coffee

For any other feedbacks or questions you can either use the comments section or contact me form.

Thank You for your support!!

Leave a Comment