NetBSD Problem Report #59611

From prvs=0334432bcd=sirius.a@freenet.de  Wed Aug 27 16:48:39 2025
Return-Path: <prvs=0334432bcd=sirius.a@freenet.de>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 01F481A923E
	for <gnats-bugs@gnats.NetBSD.org>; Wed, 27 Aug 2025 16:48:38 +0000 (UTC)
Message-Id: <20250827164312.9A65A663A37@at166.local>
Date: Wed, 27 Aug 2025 18:43:12 +0200 (CEST)
From: sirius.a@freenet.de
Reply-To: sirius.a@freenet.de
To: gnats-bugs@NetBSD.org
Subject: blocklistd sshd PasswordAuthentication
X-Send-Pr-Version: 3.95

>Number:         59611
>Category:       bin
>Synopsis:       blocklistd sshd PasswordAuthentication
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    christos
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Aug 27 16:50:00 +0000 2025
>Last-Modified:  Mon Sep 01 01:11:06 +0000 2025
>Originator:     sirius.a@freenet.de
>Release:        NetBSD-10.1
>Organization:

>Environment:
 System: NetBSD at166.local 10.1 NetBSD 10.1 (GENERIC) #0: Mon Dec 16 13:08:11 UTC 2024 mkrepro@mkrepro.NetBSD.org:/usr/src/sys/arch/amd64/compile/GENERIC amd64
 Architecture: x86_64
 Machine: amd64
>Description:
 If ssh is used with PasswordAuthentication eyery login increments the nfail 
 counter of blocklistd, not only wrong password, even a correct log in
 increments the counter. This happend with ssh and sftp.
 Log in with an ssh-key does not have the issue.
>How-To-Repeat:
 Log in without ssh-key.
>Fix:


>Release-Note:

>Audit-Trail:

Responsible-Changed-From-To: gnats-admin->bin-bug-people
Responsible-Changed-By: dholland@NetBSD.org
Responsible-Changed-When: Mon, 01 Sep 2025 00:30:17 +0000
Responsible-Changed-Why:
fix up mangled PR


Responsible-Changed-From-To: bin-bug-people->christos
Responsible-Changed-By: riastradh@NetBSD.org
Responsible-Changed-When: Mon, 01 Sep 2025 01:11:06 +0000
Responsible-Changed-Why:
Why does this keep happening?  Didn't we systematically go through and
fix these?  Is this a duplicate of PR 59108?

PR bin/59108: blocklistd/sshd: Allow the nfail counter to be reset once a valid login occurs
https://gnats.netbsd.org/59108


>Unformatted:
NetBSD Home
NetBSD PR Database Search
(Contact us) $NetBSD: query-full-pr,v 1.47 2022/09/11 19:34:41 kim Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2025 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.