Thank You! It worked.
create doas.conf: root@openbsd-gw:~ # echo 'permit nopass _syslogd as root cmd /usr/local/sbin/sshlockout' > /etc/doas.conf modify syslog.conf: root@openbsd-gw:~ # cat /etc/syslog.conf | grep sshlockout auth.info;authpriv.info |exec /usr/bin/doas -n /usr/local/sbin/sshlockout -pf lockout check that sshlockout run as root: root@openbsd-gw:~ # ps -aux | grep sshlockout root 13074 0.0 0.2 304 1192 ?? Sp 8:52PM 0:00.01 /usr/local/sbin/sshlockout -pf lockout 04.12.2017, 20:45, "Jeremie Courreges-Anglas" <j...@wxcvbn.org>: > On Mon, Dec 04 2017, Андрей Поляков <andrew-polya...@yandex.ru> wrote: >> Hello >> I have configured sshlockout. But it doesn't work properly. >> >> Here is auth log: >> root@openbsd-gw:~ # cat /var/log/authlog | grep sshlockout >> Dec 4 06:37:54 openbsd-gw sshlockout[27074]: Detected ssh preauth attempt >> for an invalid user, locking out 59.63.166.104 >> Dec 4 07:40:16 openbsd-gw sshlockout[27074]: Detected ssh login attempt for >> an invalid user, locking out 5.188.10.176 >> Dec 4 07:46:34 openbsd-gw sshlockout[27074]: Detected ssh login attempt for >> an invalid user, locking out 185.190.58.108 >> >> But table in pf is empty: >> root@openbsd-gw:~ # pfctl -t lockout -T show > > See the readme that comes with the sshlockout package. > > -- > jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE