Package: logcheck-database
Version: 1.3.17
Severity: normal
The following rule in ignore.d.server/ssh:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Accepted (gssapi(-with-mic|-keyex)?|rsa|dsa|password|publickey|keyboard-interactive/pam|hostbased) for [^[:space:]]+ from [^[:space:]]+ port [[:digit:]]+( (ssh|ssh2))?(: (RSA|ECDSA) ([[:xdigit:]]{2}:){15}[[:xdigit:]]{2})?$
is not working with version 6.9 of openssh. Log entries in my system
are like this now:
Sep 16 10:35:04 rlaboiss sshd[17173]: Accepted publickey for xxxxxx from 000.000.000.000 port 000 ssh2: RSA SHA256:JZNBRCNIMW8ghcZp1zDcWRjWcJm5N/1hFkV8pVlDWXY
The problem is that the key hash at the end:
SHA256:JZNBRCNIMW8ghcZp1zDcWRjWcJm5N/1hFkV8pVlDWXY
does not match the end of the rule:
([[:xdigit:]]{2}:){15}[[:xdigit:]]{2})
Please, fix it.
Thanks,
Rafael Laboissiere
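
The mismatch reported above can be reproduced with grep -E, since the rule is a POSIX extended regular expression. This is an added example, not part of the original report or of the logcheck-database package: the tail in NEW_RULE is one possible adjustment, the legacy hex-fingerprint line and the trailing-junk line are constructed, and the 43-character unpadded base64 length is an assumption taken from the sample fingerprint in the report.

```shell
#!/bin/sh
# Added example: compare the rule from the report with a hypothetical revised rule.

# Part of the rule that precedes the optional key fingerprint (copied from the report).
PREFIX='^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Accepted (gssapi(-with-mic|-keyex)?|rsa|dsa|password|publickey|keyboard-interactive/pam|hostbased) for [^[:space:]]+ from [^[:space:]]+ port [[:digit:]]+( (ssh|ssh2))?'

# Tail as quoted in the report: 16 colon-separated hex pairs only.
OLD_RULE="${PREFIX}"'(: (RSA|ECDSA) ([[:xdigit:]]{2}:){15}[[:xdigit:]]{2})?$'

# Hypothetical tail: also accept "SHA256:" followed by 43 base64 characters
# (assumed length, matching the fingerprint shown in the report).
NEW_RULE="${PREFIX}"'(: (RSA|ECDSA) (([[:xdigit:]]{2}:){15}[[:xdigit:]]{2}|SHA256:[A-Za-z0-9+/]{43}))?$'

# Log line from the report (OpenSSH 6.9 format).
LINE_SHA256='Sep 16 10:35:04 rlaboiss sshd[17173]: Accepted publickey for xxxxxx from 000.000.000.000 port 000 ssh2: RSA SHA256:JZNBRCNIMW8ghcZp1zDcWRjWcJm5N/1hFkV8pVlDWXY'
# Constructed line in the older hex fingerprint format.
LINE_HEX='Sep 16 10:35:04 rlaboiss sshd[17173]: Accepted publickey for xxxxxx from 000.000.000.000 port 000 ssh2: RSA 00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff'
# Constructed line with unexpected trailing text; it must keep being reported.
LINE_JUNK="${LINE_SHA256} unexpected-trailer"

# ignored RULE LINE: exit status 0 if the ignore rule matches the line
# (logcheck would filter it out), non-zero if the line would be reported.
ignored() {
    printf '%s\n' "$2" | LC_ALL=C grep -Eq -- "$1"
}

# verdict RULE LINE: print "ignored" or "reported" for the pair.
verdict() {
    if ignored "$1" "$2"; then echo ignored; else echo reported; fi
}

echo "old rule, hex line:    $(verdict "$OLD_RULE" "$LINE_HEX")"
echo "old rule, SHA256 line: $(verdict "$OLD_RULE" "$LINE_SHA256")"
echo "new rule, hex line:    $(verdict "$NEW_RULE" "$LINE_HEX")"
echo "new rule, SHA256 line: $(verdict "$NEW_RULE" "$LINE_SHA256")"
echo "new rule, junk line:   $(verdict "$NEW_RULE" "$LINE_JUNK")"
```

Keeping the trailing `$` anchor and a fixed-length fingerprint class means an "Accepted" line with anything unexpected after the fingerprint is still reported rather than silently ignored.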