X-Git-Url: https://git.phdru.name/?a=blobdiff_plain;f=playbooks%2Froles%2Flogcheck%2Ffiles%2Fignore.d%2Flocal-ssh;h=fb95260440d0ce4335b82b5eb57862c8ff4ad13d;hb=ce172815d2bae47d20d2e1b396d89afc1fa3caf2;hp=a3ebaacee7b138647cbc94905f71f0fb9f8b924f;hpb=2dcf290a696ac02ad3bcd0a6f1000628f08867b3;p=ansible.git

diff --git a/playbooks/roles/logcheck/files/ignore.d/local-ssh b/playbooks/roles/logcheck/files/ignore.d/local-ssh
index a3ebaac..fb95260 100644
--- a/playbooks/roles/logcheck/files/ignore.d/local-ssh
+++ b/playbooks/roles/logcheck/files/ignore.d/local-ssh
@@ -7,17 +7,18 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnected from ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+ \[preauth\]
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnected from (authenticating|invalid) user .+([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+ \[preauth\]
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnected from user .+([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnecting (authenticating|invalid) user .+([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+: (Too many authentication failures|Change of username or service not allowed: \(.+,ssh-connection\)( -> \(.+,ssh-conn)?) \[preauth\]
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnecting (authenticating|invalid) user .+([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+: (Too many authentication failures|Change of username or service not allowed: \(.+,ssh-connection\)( -> \(.+,ssh-conn.*)?) \[preauth\]
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnecting: Change of username or service not allowed:
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnecting: Too many authentication failures
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Failed password for invalid user .+from ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Invalid user .+from ([0-9]{1,3}\.){3}[0-9]{1,3}
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: PAM service\(sshd\) ignoring max retries
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Unable to negotiate with ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+: no matching (host key type|key exchange method) found\.
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: error: kex protocol error: type 30 seq 1 \[preauth\]
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: error: maximum authentication attempts exceeded for .+ from ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+ ssh2 \[preauth\]
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: fatal: (Read from socket|Write) failed: Connection reset by peer
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: fatal: Unable to negotiate a key exchange method \[preauth\]$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: fatal: no hostkey alg \[preauth\]
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: input_userauth_request: invalid user .+\[preauth\]$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: pam_unix\(sshd:auth\): bad username
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: ssh_dispatch_run_fatal: Connection from (authenticating|invalid) user .+([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+: message authentication code incorrect \[preauth\]
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: ssh_dispatch_run_fatal: Connection from ((authenticating|invalid) user .+)?([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+: message authentication code incorrect \[preauth\]