On Fri, Apr 04, 2014 at 01:19:07AM +0200, Philou wrote: > Hi Alberto, > > You mean, which ssh option ? Default sshd configuration on the > server, it's just that, as i'm using key exchange authentication, some > text is appended at the end of the syslog message ": RSA > e8:31:68:c7:01:2d:25:20:36:8f:50:5d:f9:ee:70:4c", and as such the very > first regex of i.s.d/ssh won't match
Hi! I thought you were using some option in order to get the key fingerprint in the logs, since none of my systems did that. Now I was able to reproduce it. Thanks, this will be fixed. Regards, Alberto > > > Le 2 avr. 2014 à 18:58, Alberto Gonzalez Iniesta <[email protected]> a > > écrit : > > > >> On Sat, Mar 29, 2014 at 10:53:09PM +0100, philou wrote: > >> Current regex in i.d.s/ssh doesn't match when using key exchange > >> authentication. > >> > >> If not using key exchange authentication, the following log message > >> will be correctly ignored: > >> > >> Jan 28 11:52:05 server sshd[1003]: Accepted publickey for fred from > >> 192.0.2.60 port 20042 ssh2 > >> > >> When using key exchange authentication, the following log message > >> will NOT be ignored: > >> > >> Jan 28 11:51:43 server sshd[5104]: Accepted publickey for fred from > >> 192.0.2.60 port 60594 ssh2: RSA > >> e8:31:68:c7:01:2d:25:20:36:8f:50:5d:f9:ee:70:4c > > > > Hi Philippe, > > > > Could you tell me which option are you using in order to get the > > latter message? That way I can reproduce it and fix the rule. > > > > Thanks, > > > > Alberto > > > > -- > > Alberto Gonzalez Iniesta | Formación, consultoría y soporte técnico > > mailto/sip: [email protected] | en GNU/Linux y software libre > > Encrypted mail preferred | http://inittab.com > > > > Key fingerprint = 5347 CBD8 3E30 A9EB 4D7D 4BF2 009B 3375 6B9A AA55 -- Alberto Gonzalez Iniesta | Formación, consultoría y soporte técnico mailto/sip: [email protected] | en GNU/Linux y software libre Encrypted mail preferred | http://inittab.com Key fingerprint = 5347 CBD8 3E30 A9EB 4D7D 4BF2 009B 3375 6B9A AA55 _______________________________________________ Logcheck-devel mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
