Package: fail2ban
Version: 0.8.10-3
Severity: important
config/filter.d/sshd.conf has:
^%(__prefix_line)sFailed \S+ for .* from <HOST>(?: port \d*)?(?:
ssh\d*)?\s*$
This is likely to break with OpenSSH 6.3:
* sshd(8): standardise logging of information during user authentication.
The presented key/cert and the remote username (if available) is now
logged in the authentication success/failure message on the same log
line as the local username, remote host/port and protocol in use.
Certificates contents and the key fingerprint of the signing CA are
logged too.
Including all relevant information on a single line simplifies log
analysis as it is no longer necessary to relate information scattered
across multiple log entries.
I'd suggest just dropping the "\s*$" from the end of the regex.
I intend to upload OpenSSH 6.3 to unstable quite soon (days). If you
can fix this reasonably quickly and would like me to add a Breaks field
to try to make sure people upgrade to a new version of fail2ban at the
same time, please let me know.
--
Colin Watson [[email protected]]
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
