Package: logcheck Version: 1.3.16 Severity: normal Dear Maintainer,
Current regex in i.d.s/ssh doesn't match when using key exchange authentication. If not using key exchange authentication, the following log message will be correctly ignored: Jan 28 11:52:05 server sshd[1003]: Accepted publickey for fred from 192.0.2.60 port 20042 ssh2 When using key exchange authentication, the following log message will NOT be ignored: Jan 28 11:51:43 server sshd[5104]: Accepted publickey for fred from 192.0.2.60 port 60594 ssh2: RSA e8:31:68:c7:01:2d:25:20:36:8f:50:5d:f9:ee:70:4c The regex is: ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Accepted (gssapi(-with-mic|-keyex)?|rsa|dsa|password|publickey|keyboard-interactive/pam|hostbased) for [^[:space:]]+ from [^[:space:]]+ port [[:digit:]]+( (ssh|ssh2))?$ and will not match the key fingerprint. Truly yours, Philippe -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 3.12-1-486 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/bash Versions of packages logcheck depends on: ii adduser 3.113+nmu3 ii cron 3.0pl1-124 pn default-mta | mail-transport-agent <none> ii lockfile-progs 0.1.17 ii logtail 1.3.16 ii mime-construct 1.11 ii rsyslog [system-log-daemon] 7.6.3-1 Versions of packages logcheck recommends: ii logcheck-database 1.3.16 Versions of packages logcheck suggests: pn syslog-summary <none> -- Configuration Files: /etc/logcheck/logcheck.conf [Errno 13] Permission denied: u'/etc/logcheck/logcheck.conf' /etc/logcheck/logcheck.logfiles [Errno 13] Permission denied: u'/etc/logcheck/logcheck.logfiles' -- no debconf information _______________________________________________ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel