Date: Thu, 23 Jun 2016 02:10:51 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 210479] blacklistd(8) and sshd(8) causes login delays and syslog(8) spam Message-ID: <bug-210479-8-ZriadxRm9r@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-210479-8@https.bugs.freebsd.org/bugzilla/> References: <bug-210479-8@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D210479 --- Comment #10 from Glen Barber <gjb@FreeBSD.org> --- (In reply to lidl from comment #9) > (In reply to Glen Barber from comment #6) >=20 > How is sshd supposed to know that blacklistd is enabled but not functioni= ng > properly? >=20 This is why I added DES (and wanted to add you) to the PR. :-) I honestly don't know the answer. I'm still trying to gather more information, in any case. > I suppose I could make the bl_init() code in the blacklist library stat() > the pidfile for the blacklistd daemon, and if not found, not log the > message... But that's pretty fragile and would break if someone moves the > pidfile to a different location... >=20 Agreed on the fragile nature of this. I think this is not a "critical" thi= ng to worry about for 11.0-RELEASE, but it was something I observed as of rece= nt. > The other, much more intrusive, thing would be to add another flag to sshd > (and the other daemons) to specify that blacklist signaling should be used > (and only complain in that configuration, if the connection to the daemon > fails). I think this is far too intrusive, to be honest. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-210479-8-ZriadxRm9r>