Re: blocklistd configuration

[Sad Clouds <cryintothebluesky%gmail.com@localhost>]

On Mon, 24 Nov 2025 17:27:19 +0100
Manuel Bouyer <bouyer%antioche.eu.org@localhost> wrote:

> On Mon, Nov 24, 2025 at 03:11:28PM +0000, Sad Clouds wrote:
> > On Mon, 24 Nov 2025 12:58:47 +0000 (UTC)
> > RVP <rvp%SDF.ORG@localhost> wrote:
> > 
> > > You'll have to trace the forked child sshd instance...
> > > 
> > 
> > I think that is what "ktruss -d" option does.
> 
> you may also need -i, depending on what you want to trace
> 
> -- 
> Manuel Bouyer <bouyer%antioche.eu.org@localhost>
>      NetBSD: 26 ans d'experience feront toujours la difference
> --

Thanks, I tried "ktruss -di" and it seem the following calls are
missing from the trace where sshd refuses to communicate failed user
login to blocklistd:

   800    800 sshd     __socket30(0x1, 0x70000002, 0) = 5
   800    800 sshd     connect(0x5, 0x7f7ff7e7b738, 0x6a) = 0
   800    800 sshd     setsockopt(0x5, 0, 0x4, 0x7f7ff2a0313c, 0x4) = 0
   800    800 sshd     sendmsg(0x5, 0x7f7fffffe010, 0) = 147

The fact that only an invalid user failed login gets registered with
blocklistd, suggests some sort of regression in the sshd behavior.