Re: Blacklistd Issues
- In reply to: Doug Hardie : "Blacklistd Issues"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 17 Apr 2023 20:51:59 UTC
On 4/17/23 13:38, Doug Hardie wrote: > I have been implementing blacklistd. It works fine with postfix and > my web server. However, sshd is not working. I have enabled the > UseBlacklistd configuration line. However, no amount of invalid > id/passwords generate an entry in either blacklistd or pf. Running > ktrace with invalid web requests on blacklistd shows that it obtains > the endpoints properly and calls the helper to do the work. However, > when sending invalid id/passwords via ssh, blacklistd does receive the > proper packets from sshd and it obtains the endpoints, but just ends. > It never calls the helper. I have the entry in blacklistd.conf for > that port, and blacklistd has been restarted many times. Any ideas > what I need to do to get blacklistd to record the calls. There is no > table in pf for that port. However, it appears there needs to be at > least one call to make the table appear. > > -- Doug > shot in the dark - did you set: UseBlacklist yes in /etc/ssh/sshd_conf then restart sshd? -pete -- Pete Wright pete@nomadlogic.org @nomadlogicLA