Feat(logcheck): Update `local-ssh`

author Oleg Broytman <phd@phdru.name>

Fri, 2 Jan 2026 09:24:37 +0000 (12:24 +0300)

committer Oleg Broytman <phd@phdru.name>

Fri, 2 Jan 2026 15:11:03 +0000 (18:11 +0300)
author Oleg Broytman <phd@phdru.name>
Fri, 2 Jan 2026 09:24:37 +0000 (12:24 +0300)
committer Oleg Broytman <phd@phdru.name>
Fri, 2 Jan 2026 15:11:03 +0000 (18:11 +0300)
diff --git a/playbooks/roles/logcheck/files/ignore.d/local-ssh b/playbooks/roles/logcheck/files/ignore.d/local-ssh

index 1e5024e627e7bc3dbccfddfaa509537da5224053..f5e826bb02057caf3378c0ea5b8319e080315343 100644 (file)
--- a/playbooks/roles/logcheck/files/ignore.d/local-ssh
+++ b/playbooks/roles/logcheck/files/ignore.d/local-ssh
@@ -13,9 +13,9 @@
  ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: Disconnecting (authenticating|invalid) user .+([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+: (Too many authentication failures)|(Change of username or service not allowed: \(.+,ssh-connection\)( -> \(.+,ssh-conn.*\)?)?) \[preauth\]
  ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: Disconnecting: Change of username or service not allowed:
  ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: Disconnecting: Too many authentication failures
-^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: Failed password for invalid user .+from ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: Failed (none|password) for invalid user .+from ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+
  ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: Invalid user .+from ([0-9]{1,3}\.){3}[0-9]{1,3}
-^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: PAM [0-9] more authentication failures
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: PAM [0-9] more authentication failures?
  ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: PAM service\(sshd\) ignoring max retries
  ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: Protocol major versions differ for ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+:
  ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: Unable to negotiate with ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+: no matching (cipher|host key type|key exchange method) found\.
@@ -39,7 +39,7 @@
  ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: error: userauth_pubkey: parse key: invalid format \[preauth\]
  ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: exited MaxStartups throttling
  ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: fatal: (Read from socket|Write) failed: Connection reset by peer
-^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: fatal: Timeout before authentication
+^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: (fatal: )?Timeout before authentication
  ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: fatal: Unable to negotiate a key exchange method \[preauth\]$
  ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: fatal: no hostkey alg \[preauth\]
  ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: fatal: userauth_finish: send failure packet: (Broken pipe|Connection reset by peer) \[preauth\]$
author	Oleg Broytman <phd@phdru.name>
	Fri, 2 Jan 2026 09:24:37 +0000 (12:24 +0300)
committer	Oleg Broytman <phd@phdru.name>
	Fri, 2 Jan 2026 15:11:03 +0000 (18:11 +0300)