On Fri, 21 Nov 2025 11:06:44 -0500 Greg Troxel <[email protected]> wrote:
> Overall I am guessing there is something messed up with your system,
> either blocklistd or sshd.

I think it's a NetBSD-10.X bug. Tracing blocklistd shows no syscall
activity with regard to ssh failure. So it looks like no events are ever
sent to it.

Same config works as expected on NetBSD-9.4:

ultra10# uname -a
NetBSD ultra10 9.4_STABLE NetBSD 9.4_STABLE (GENERIC) #0: [email protected]:/usr/src/sys/arch/sparc64/compile/GENERIC sparc64

ultra10# cat /etc/blacklistd.conf
# adr/mask:port type    proto   owner   name    nfail   disable
[local]
ssh             stream  *       *       *       10      12h
*               *       *       *       *       10      60s
# adr/mask:port type    proto   owner   name    nfail   disable
[remote]

ultra10# rm /var/db/blacklistd.db
ultra10# /etc/rc.d/blacklistd onestart
Starting blacklistd.
ultra10# /etc/rc.d/sshd restart
Stopping sshd.
Starting sshd.

... Simulate ssh login failure then wait 5 seconds

ultra10# blacklistctl dump -a
        address/ma:port id      nfail   last access
 10.0.0.2/32:22                 1/10    2025/11/23 14:29:53
