On Wed, Mar 31, 2021 at 09:42:45AM -0700, Greg A. Woods wrote:
>
> > (Let's keep aside why autossh manages to fail auth for now.)
>
> Well, that is the very root of the problem, is it not? :-)

It is. I have tried identifying a while back but could not figure out why it happens. IIRC the client just turns silent sometimes midway through the protocol.

> tune blocklistd's sensitivity so as to allow as many fat-finger failed
> authentications as you feel you might need

I went from a stringent 1 (failure) to 2 and then 3 and the frequency of trouble went down, but it did not go away fully.

> That becomes more complicated if it's the remote (client) side that has
> the changing address and you don't already have a pre-determined way to
> do these updates and actions based on a remote trigger or some other
> kind of locally initiated monitoring.

I can arrange for a client side device to 'inform' the server when the IP changes. When this happens, the server may whitelist it at npf level.

But if later, blocklistd tries to block it, what exactly happens? Is it something like I have to put the whitelisting at the end of the filter list or something so that it will have higher precedence than blocklistd?

--
Mayuresh