Date: Thu, 25 Jan 2024 07:04:01 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 270928] Blacklistd does not handle SSHD failed logins Message-ID: <bug-270928-227-BSYmiiled6@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-270928-227@https.bugs.freebsd.org/bugzilla/> References: <bug-270928-227@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D270928 Jose Luis Duran <jlduran@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jlduran@gmail.com --- Comment #3 from Jose Luis Duran <jlduran@gmail.com> --- Another option could be to avoid passing BLACKLIST_BAD_USER (BL_BADUSER) to BLACKLIST_NOTIFY, since per libblacklist(3) it is not supported yet. As you suggest, we could use BLACKLIST_AUTH_FAIL (BL_ADD). This way, we do not mo= dify contrib/blocklist, but rather our own patches under crypto/openssh (crypto/openssh/auth.c and crypto/openssh/auth-pam.c). However, I was not able to reproduce this issue. Invalid attempts were effectively blocked (tested using pf and ipfw, following a basic guide: https://people.freebsd.org/~lidl/blacklistd.html). I wonder if it may have been fixed in bug #264599. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-270928-227-BSYmiiled6>