[Logcheck-commits] [logcheck] 01/01: i.d.s/ssh: match key fingerprint

Hannes von Haugwitz hvhaugwitz at moszumanska.debian.org
Sat Oct 18 16:24:15 UTC 2014


This is an automated email from the git hooks/post-receive script.

hvhaugwitz pushed a commit to branch master
in repository logcheck.

commit bf39340ec06ac1d481999afdfd0ff4e5c09040ab
Author: Hannes von Haugwitz <hannes at vonhaugwitz.com>
Date:   Sat Oct 18 18:06:33 2014 +0200

    i.d.s/ssh: match key fingerprint
    
    closes: #743000
---
 debian/changelog                    | 2 ++
 rulefiles/linux/ignore.d.server/ssh | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/debian/changelog b/debian/changelog
index 6727f26..7a4a1e7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -23,6 +23,8 @@ logcheck (1.3.17) UNRELEASED; urgency=low
     - removed obsolete 'fork' notice
   * docs/README.Maintainer:
     - fixed typo (closes: #764336)
+  * ignore.d.server/ssh:
+    - match key fingerprint when using key exchange auth (closes: #743000)
 
   [ Alberto Gonzalez Iniesta ]
   * ignore.d.workstation/kernel:
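
Review bot: the wording "when using key exchange auth" on the added changelog line does not describe what the rule change does. In rulefiles/linux/ignore.d.server/ssh the optional fingerprint group is appended after the whole method alternation, so it applies to every "Accepted ..." method in the list, not to a single one. Suggest rewording to something like "match optional key fingerprint at the end of 'Accepted ...' lines" so the changelog states the real scope of the ignore rule.
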
diff --git a/rulefiles/linux/ignore.d.server/ssh b/rulefiles/linux/ignore.d.server/ssh
index 776cbb2..062f245 100644
--- a/rulefiles/linux/ignore.d.server/ssh
+++ b/rulefiles/linux/ignore.d.server/ssh
@@ -1,4 +1,4 @@
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Accepted (gssapi(-with-mic|-keyex)?|rsa|dsa|password|publickey|keyboard-interactive/pam|hostbased) for [^[:space:]]+ from [^[:space:]]+ port [[:digit:]]+( (ssh|ssh2))?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Accepted (gssapi(-with-mic|-keyex)?|rsa|dsa|password|publickey|keyboard-interactive/pam|hostbased) for [^[:space:]]+ from [^[:space:]]+ port [[:digit:]]+( (ssh|ssh2))?(: (RSA|ECDSA) ([[:xdigit:]]{2}:){15}[[:xdigit:]]{2})?$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Address [._[:alnum:]-]+ maps to [._[:alnum:]-]+, but this does not map back to the address - POSSIBLE BREAK-?IN ATTEMPT!$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Authorized to [^[:space:]]+, krb5 principal [^[:space:]]+ \(krb5_kuserok\)$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Bad protocol version identification '[^']*' from ([:.[:xdigit:]]+|UNKNOWN)$
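
Review bot: the key-type alternation `(RSA|ECDSA)` in the new optional group on the "Accepted" rule is narrower than the rest of that rule, which still lists `dsa` among the methods. A login line ending in a fingerprint for any other key type (DSA, ED25519) will not match and will keep appearing in reports. Suggest `(RSA|DSA|ECDSA|ED25519)`. Two smaller points on the same line: `([[:xdigit:]]{2}:){15}[[:xdigit:]]{2}` accepts only a 16-byte colon-separated hex fingerprint, so any other fingerprint format falls through; and because the group follows the whole method alternation, the suffix is also accepted on `password` and `keyboard-interactive/pam` lines. If the fingerprint is only expected for key-based logins, splitting that case into its own rule would keep this ignore pattern as tight as it was before.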

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/logcheck/logcheck.git


