On Mon, 24 Nov 2025 17:27:19 +0100 Manuel Bouyer <[email protected]> wrote:
> On Mon, Nov 24, 2025 at 03:11:28PM +0000, Sad Clouds wrote: > > On Mon, 24 Nov 2025 12:58:47 +0000 (UTC) > > RVP <[email protected]> wrote: > > > > > You'll have to trace the forked child sshd instance... > > > > > > > I think that is what "ktruss -d" option does. > > you may also need -i, depending on what you want to trace > > -- > Manuel Bouyer <[email protected]> > NetBSD: 26 ans d'experience feront toujours la difference > -- Thanks, I tried "ktruss -di" and it seem the following calls are missing from the trace where sshd refuses to communicate failed user login to blocklistd: 800 800 sshd __socket30(0x1, 0x70000002, 0) = 5 800 800 sshd connect(0x5, 0x7f7ff7e7b738, 0x6a) = 0 800 800 sshd setsockopt(0x5, 0, 0x4, 0x7f7ff2a0313c, 0x4) = 0 800 800 sshd sendmsg(0x5, 0x7f7fffffe010, 0) = 147 The fact that only an invalid user failed login gets registered with blocklistd, suggests some sort of regression in the sshd behavior.
