I regularly use blocklistd, but often it blocks out ssh when connecting from a remote network.

I have configured public ssh keys in the server's authorized_keys file, so authentication happens without passwords. However, I notice that the failed login tally reported by blocklistctl dump increases, even for a successful login. (I can address this on known safe networks by allowing logins despite failed attempts, but this is not feasible for remote and unknown networks.)

This makes me wonder if I have configured the ssh login wrong and that there are failed attempts, which trigger the limit and prevent login, even though the public ssh keys are accepted.

I have attached a log of one login attempt below in hopes that it may help identify the problem. This particular attempt increased the failed login tally by one. The only line that looks like it might trigger a failed login attempt to blocklistd is the following:

    debug1: kex_input_ext_info: publickey-hostbound%openssh.com@localhost (unrecognised)

Is that interpretation correct? If so, is this misconfigured? If not, what else might be triggering an increase in the failed login tally? Is there somewhere else I should be looking?

Thanks a lot for your help. I am open to suggestions on how to avoid this problem.

Cheers,
Brook
Attachment:
ssh.log
Description: Binary data