From 5eaa588031beda9411787cfe4a260a557502e787 Mon Sep 17 00:00:00 2001 From: Oleg Broytman Date: Fri, 2 Jan 2026 12:24:37 +0300 Subject: [PATCH] Feat(logcheck): Update `local-ssh` --- playbooks/roles/logcheck/files/ignore.d/local-ssh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/playbooks/roles/logcheck/files/ignore.d/local-ssh b/playbooks/roles/logcheck/files/ignore.d/local-ssh index 1e5024e..f5e826b 100644 --- a/playbooks/roles/logcheck/files/ignore.d/local-ssh +++ b/playbooks/roles/logcheck/files/ignore.d/local-ssh @@ -13,9 +13,9 @@ ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: Disconnecting (authenticating|invalid) user .+([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+: (Too many authentication failures)|(Change of username or service not allowed: \(.+,ssh-connection\)( -> \(.+,ssh-conn.*\)?)?) \[preauth\] ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: Disconnecting: Change of username or service not allowed: ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: Disconnecting: Too many authentication failures -^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: Failed password for invalid user .+from ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+ +^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: Failed (none|password) for invalid user .+from ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+ ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: Invalid user .+from ([0-9]{1,3}\.){3}[0-9]{1,3} -^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: PAM [0-9] more authentication failures +^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: PAM [0-9] more authentication failures? ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: PAM service\(sshd\) ignoring max retries ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: Protocol major versions differ for ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+: ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: Unable to negotiate with ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+: no matching (cipher|host key type|key exchange method) found\. @@ -39,7 +39,7 @@ ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: error: userauth_pubkey: parse key: invalid format \[preauth\] ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: exited MaxStartups throttling ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: fatal: (Read from socket|Write) failed: Connection reset by peer -^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: fatal: Timeout before authentication +^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: (fatal: )?Timeout before authentication ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: fatal: Unable to negotiate a key exchange method \[preauth\]$ ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: fatal: no hostkey alg \[preauth\] ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[ .:+0-9]+ [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: fatal: userauth_finish: send failure packet: (Broken pipe|Connection reset by peer) \[preauth\]$ -- 2.47.3