NetBSD-Users archive


Re: Blocklistd blocking ssh despite successful public key authentication



> If not, what else might be triggering an increase in the failed
> login tally?
> Is there somewhere else I should be looking?

Just a month ago I was bitten by an sshd+blocklistd combo, and it puzzled
me too for a little while.

On that specific day,

	(1) I was coming from a customer's office place, outside of
	    my whitelisted "home networks",  trying to ssh into
	    my home server.

	(2) I already had an ssh-agent running with three or four
	    client-specific ssh keys not relevant for my home server
	    in place.  (Which I hadn't exercised much before.)

Turns out that sshd registers all the different keys offered to the
server which are not yet the proper one as individual events with
blocklistd.  I.e., for me on that day, three wrong keys from the
agent had been "three strikes out" already, triggering the
packet filter before the proper, standard ~/.ssh/rsa_id could
even be offered.

Solution 1 (the proper one):  add an .ssh/config entry for your server,
nailing the proper client "IdentityFile" from the get-go.

Solution 2 (the quick one):   first connect to your server, then
start/fill your agent with extra keys.

Note that sshd has its MaxAuthTries limit (default: 6) independent
of blocklistd.   That is, once you are equipped with a decent amount
of different keys, typically but not necessarily with an agent,
you'll need to give such identity hints anyway.   blocklistd just
hurts you noticeably earlier, and probably without any immediate way
to recover :-)

						Martin Neitzel
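The mechanism Martin describes, as an added example that is not part of the original post: a small POSIX shell script that counts how many keys an ssh client offered before the server accepted one (each rejected offer is one strike as far as sshd's reporting to blocklistd is concerned), compares that against a blocklistd failure threshold, and prints the ssh_config stanza for "Solution 1". The sample `ssh -v` lines are constructed to resemble OpenSSH debug output (exact wording varies by version, so the match patterns are assumptions); the host alias `home`, the hostname, the key path and the threshold of 3 are placeholders. Note that pinning `IdentityFile` alone is not enough when an agent is running; `IdentitiesOnly yes` is what stops the client from offering the agent's other keys first.

```shell
#!/bin/sh
# Added example, not from the original post or from OpenSSH/NetBSD.
# Counts the keys an ssh client offered before one was accepted and
# shows the ssh_config fix that stops an agent from offering the wrong
# keys first.

# Constructed sample resembling `ssh -v` output from a session where an
# agent holds three customer keys plus the key the server actually wants.
# Paths, fingerprints and host are placeholders.
SAMPLE_LOG='debug1: Offering public key: /home/me/.ssh/customer_a RSA SHA256:aaaa agent
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /home/me/.ssh/customer_b RSA SHA256:bbbb agent
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /home/me/.ssh/customer_c RSA SHA256:cccc agent
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /home/me/.ssh/id_rsa RSA SHA256:dddd
debug1: Server accepts key: /home/me/.ssh/id_rsa RSA SHA256:dddd
Authenticated to home.example.org ([192.0.2.10]:22) using "publickey".'

# Reads ssh -v output on stdin and prints the number of offered keys the
# server did NOT accept. If a key was accepted, every offer before it was
# a rejection; if the session ended without acceptance, all offers were.
count_rejected_offers() {
    awk '
        /Offering public key:/ { offered++ }
        /Server accepts key:/  { accepted = offered; exit }
        END { print (accepted ? accepted - 1 : offered) }
    '
}

# $1 = rejected offers on one connection, $2 = blocklistd failure
# threshold for the ssh service (the post describes 3; check the nfail
# value in your own blocklistd.conf). Exit status 0 means this single
# connection would already have tripped the block.
trips_blocklistd() {
    [ "$1" -ge "$2" ]
}

# Prints the ssh_config stanza for "Solution 1": pin the key and, with
# IdentitiesOnly, keep the client from offering anything the agent holds
# that is not listed here. Alias, hostname and key path are placeholders.
pinned_host_config() {
    cat <<'EOF'
Host home
    HostName home.example.org
    IdentityFile ~/.ssh/id_rsa
    IdentitiesOnly yes
EOF
}

rejected=$(printf '%s\n' "$SAMPLE_LOG" | count_rejected_offers)
echo "keys rejected before success: $rejected"
if trips_blocklistd "$rejected" 3; then
    echo "that many strikes would already have triggered blocklistd"
fi
echo "suggested ~/.ssh/config entry:"
pinned_host_config
```

To check a real connection, run `ssh -v home 2>&1 | count_rejected_offers` after sourcing the functions; the one-off equivalent of the config stanza is `ssh -o IdentitiesOnly=yes -i ~/.ssh/id_rsa home`.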

