blocklistd detects a failure for a killed ssh session

[Anthony Mallet <anthony.mallet%laas.fr@localhost>]

Hi,

I have the feeling that killing (SIGTERM) an ssh session triggers a
blocklistd failure on the server:

In authlog:
Nov 21 22:37:58 cactus sshd[16361]: Received disconnect from 10.1.0.15 port 57148:11: disconnected by user
Nov 21 22:37:58 cactus sshd[16361]: Disconnected from user me 10.1.0.15 port 57148

And in blocklistd:
cactus[~] # blocklistctl dump -a | grep '10[.]1'
      10.1.0.15/32:22           3/4     2022/11/21 22:37:58

The same also happens if I just close the laptop's lid and the
connection eventually times out :

Nov 21 23:01:59 cactus sshd[18107]: debug2: channel 0: read failed rfd 11 maxlen 32768: Broken pipe
Nov 21 23:01:59 cactus sshd[18107]: debug2: channel 0: read failed
...
Nov 21 23:01:59 cactus sshd[18107]: Close session: user me from 10.1.0.15 port 51772 id 0

cactus[~] # blocklistctl dump -a | grep '10[.]1'
      10.1.0.15/32:22   4       4/4     2022/11/21 23:01:59

This a bit annoying, since those are legitimate connections that where
properly authentified. This happens to me frequently (but I just
started using blocklistd) for me for instance by logging out an X11
session without closing all terminals, or just closing the laptop ...

Would there be a way to improve this, by detecting properly
established connections and not notify blacklistd anymore about these?

Anthony