Re: Blacklistd Issues

From: Pete Wright <pete_at_nomadlogic.org>
Date: Mon, 17 Apr 2023 20:51:59 UTC

On 4/17/23 13:38, Doug Hardie wrote:
> I have been implementing blacklistd.  It works fine with postfix and 
> my web server.  However, sshd is not working.  I have enabled the 
> UseBlacklistd configuration line.  However, no amount of invalid 
> id/passwords generate an entry in either blacklistd or pf.  Running 
> ktrace with invalid web requests on blacklistd shows that it obtains 
> the endpoints properly and calls the helper to do the work.  However, 
> when sending invalid id/passwords via ssh, blacklistd does receive the 
> proper packets from sshd and it obtains the endpoints, but just ends. 
>  It never calls the helper.  I have the entry in blacklistd.conf for 
> that port, and blacklistd has been restarted many times.  Any ideas 
> what I need to do to get blacklistd to record the calls?  There is no 
> table in pf for that port.  However, it appears there needs to be at 
> least one call to make the table appear.
>
> -- Doug
>

shot in the dark - did you set:
UseBlacklist yes

in /etc/ssh/sshd_conf then restart sshd?

-pete

-- 
Pete Wright
pete@nomadlogic.org
@nomadlogicLA