This change in logging was introduced in OpenSSH 7.5 and explicitly noted in the "Potentially-incompatible changes" section of the release notes. Bionic has OpenSSH 7.6.
> The format of several log messages emitted by the packet code has > changed to include additional information about the user and > their authentication state. Software that monitors ssh/sshd logs > may need to account for these changes. For example: > Connection closed by user x 1.1.1.1 port 1234 [preauth] > Connection closed by authenticating user x 10.1.1.1 port 1234 [preauth] > Connection closed by invalid user x 1.1.1.1 port 1234 [preauth] > Affected messages include connection closure, timeout, remote > disconnection, negotiation failure and some other fatal messages > generated by the packet code. https://www.openssh.com/txt/release-7.5 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1859809 Title: sshguard <2.1.0 doesn't match "Failed password for invalid user ..." To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sshguard/+bug/1859809/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs