[Logcheck-devel] Bug#743000: Bug#743000: logcheck: i.d.s/ssh regex doesn't match when using key exchange authentication
Alberto Gonzalez Iniesta
agi at inittab.org
Wed Apr 2 16:58:32 UTC 2014
On Sat, Mar 29, 2014 at 10:53:09PM +0100, philou wrote:
> Current regex in i.d.s/ssh doesn't match when using key exchange authentication.
>
> If not using key exchange authentication, the following log message will be correctly ignored:
>
> Jan 28 11:52:05 server sshd[1003]: Accepted publickey for fred from 192.0.2.60 port 20042 ssh2
>
> When using key exchange authentication, the following log message will NOT be ignored:
>
> Jan 28 11:51:43 server sshd[5104]: Accepted publickey for fred from 192.0.2.60 port 60594 ssh2: RSA e8:31:68:c7:01:2d:25:20:36:8f:50:5d:f9:ee:70:4c
>
Hi Philippe,
Could you tell me which option are you using in order to get the latter
message? That way I can reproduce it and fix the rule.
Thanks,
Alberto
--
Alberto Gonzalez Iniesta | Formación, consultoría y soporte técnico
mailto/sip: agi at inittab.org | en GNU/Linux y software libre
Encrypted mail preferred | http://inittab.com
Key fingerprint = 5347 CBD8 3E30 A9EB 4D7D 4BF2 009B 3375 6B9A AA55
More information about the Logcheck-devel
mailing list