The pam_tally2 module, once used to lock user accounts after a certain number of failed SSH login attempts, has been deprecated and replaced by pam_faillock in RHEL-based distributions and other modern Linux distributions, due to more flexibility and security options.
Previously, the pam_tally2 module was responsible for counting failed login attempts and locking accounts. However, as part of security improvements, pam_faillock has become the standard for managing failed login attempts in newer Linux versions by providing better integration and more configuration options.