Rafael Laboissiere
2015-Sep-17 17:54 UTC
[Logcheck-devel] Bug#799304: logcheck-database: rule for sshd accepted key rule is obsolete
Package: logcheck-database
Version: 1.3.17
Severity: normal
The following rule in ignore.d.server/ssh:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Accepted
(gssapi(-with-mic|-keyex)?|rsa|dsa|password|publickey|keyboard-interactive/pam|hostbased)
for [^[:space:]]+ from [^[:space:]]+ port [[:digit:]]+( (ssh|ssh2))?(:
(RSA|ECDSA) ([[:xdigit:]]{2}:){15}[[:xdigit:]]{2})?$
is not working with version 6.9 of openssh. Log entries in my system
are like this now:
Sep 16 10:35:04 rlaboiss sshd[17173]: Accepted publickey for xxxxxx from
000.000.000.000 port 000 ssh2: RSA
SHA256:JZNBRCNIMW8ghcZp1zDcWRjWcJm5N/1hFkV8pVlDWXY
The problem is that the key hash at the end:
SHA256:JZNBRCNIMW8ghcZp1zDcWRjWcJm5N/1hFkV8pVlDWXY
does not match the end of the rule:
([[:xdigit:]]{2}:){15}[[:xdigit:]]{2})
Please, fix it.
Thanks,
Rafael Laboissiere
Debian Bug Tracking System
2017-Jan-25 22:09 UTC
[Logcheck-devel] Bug#799304: marked as done (logcheck-database: rule for sshd accepted key rule is obsolete)
Your message dated Wed, 25 Jan 2017 22:05:37 +0000 with message-id <E1cWVhB-0002wS-0V at fasolo.debian.org> and subject line Bug#799304: fixed in logcheck 1.3.18 has caused the Debian Bug report #799304, regarding logcheck-database: rule for sshd accepted key rule is obsolete to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner at bugs.debian.org immediately.) -- 799304: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799304 Debian Bug Tracking System Contact owner at bugs.debian.org with problems -------------- next part -------------- An embedded message was scrubbed... From: Rafael Laboissiere <rlabs.smtp at gmail.com> Subject: logcheck-database: rule for sshd accepted key rule is obsolete Date: Thu, 17 Sep 2015 19:54:13 +0200 Size: 3774 URL: <http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20170125/6c0ce7ab/attachment-0002.mht> -------------- next part -------------- An embedded message was scrubbed... From: Hannes von Haugwitz <hannes at vonhaugwitz.com> Subject: Bug#799304: fixed in logcheck 1.3.18 Date: Wed, 25 Jan 2017 22:05:37 +0000 Size: 7772 URL: <http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20170125/6c0ce7ab/attachment-0003.mht>