Displaying 1 result from an estimated 1 matches for "aa313203".
2008 Mar 17
0
Bug#444470: /etc/logcheck/violations.ignore.d/logcheck-ssh: Updated "authentication failure" rule
...I once got different messages by doing the
same thing on two servers running the same version with the same
configuration.)
> * the second omits the PID of the ssh daemon - mistake or did older
> messages look like that? (the ones I see do have the PID)
Me too. The second line comes from aa313203, a large (and pretty
recent) commit by Aaron M. Ucko.
> * the second does use the new PAM format - but does the part after
> ssh: really need to match anything but auth?
I would guess so, since this line should be the result of pam_unix
failing during the auth phase.
As for the rest, I&...