sshd
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[.[:alnum:]]+\]: Accepted publickey for [._[:alnum:]-]+ from [._a-f[:digit:]:-]+ port [0-9]{1,5} ssh2: RSA (|SHA256)[\/[:alnum:]:]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[.[:alnum:]]+\]: (Received disconnect|Disconnected) from [._a-f[:digit:]:-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[.[:alnum:]]+\]: (Received disconnect|Disconnected) from [._a-f[:digit:]:-]+ 0:$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[.[:alnum:]]+\]: Received disconnect from [._a-f[:digit:]:-]+ port [0-9]{1,5}:[0-9]{1,2}: disconnected by user$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[.[:alnum:]]+\]: Received disconnect from [._a-f[:digit:]:-]+ port [0-9]{1,5}:[0-9]{1,2}: Connection terminated by the client\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[.[:alnum:]]+\]: Bad protocol version identification '[ .\/\\[:alnum:]-]*' from [._a-f[:digit:]:-]+ port [0-9]{1,5}$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[.[:alnum:]]+\]: (error: |)Protocol major versions differ( for 127\.0\.0\.1: .*|: 2 vs\. 1)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[.[:alnum:]]+\]: (fatal: |)Unable to negotiate with [._a-f[:digit:]:-]+ port [0-9]{1,5}: no matching (cipher|key exchange method|host key type) found\. Their offer: .* \[preauth\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[.[:alnum:]]+\]: Connection (closed|reset) by [._a-f[:digit:]:-]+ port [0-9]{1,5} \[preauth\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[.[:alnum:]]+\]: Disconnected from ((authenticating |invalid |)user [.@[:alnum:]-]+ |)[._a-f[:digit:]:-]+ port [0-9]{1,5}( \[preauth\]|)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[.[:alnum:]]+\]: Invalid user [.@[:alnum:]-]+ from [._a-f[:digit:]:-]+ port [0-9]{1,5}$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[.[:alnum:]]+\]: Received disconnect from [._a-f[:digit:]:-]+ port [0-9]{1,5}\:11\: (Bye Bye|Client disconnecting normally|Normal Shutdown, Thank you for playing) \[preauth\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[.[:alnum:]]+\]: Did not receive identification string from [._a-f[:digit:]:-]+ port [0-9]{1,5}$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\(pam_google_authenticator\)\[[.[:alnum:]]+\]: Accepted google_authenticator for [._@[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[.[:alnum:]]+\]: error: kex_exchange_identification: (Connection closed by remote host|banner line contains invalid characters|read: Connection reset by peer)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[.[:alnum:]]+\]: error: send_error: write: Broken pipe$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[.[:alnum:]]+\]: error: Protocol major versions differ: 2 vs\. 1$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[.[:alnum:]]+\]: Connection from [._a-f[:digit:]:-]+ port [0-9]{1,5} on [._a-f[:digit:]:-]+ port [0-9]{1,5} rdomain "(|[._[:alnum:]-]+)"$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[.[:alnum:]]+\]: banner exchange: Connection from [._a-f[:digit:]:-]+ port [0-9]{1,5}: invalid format$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[.[:alnum:]]+\]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms \[preauth\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[.[:alnum:]]+\]: Failed publickey for root from [._a-f[:digit:]:-]+ port [0-9]{1,5} ssh2: (RSA|ED25519) SHA256:.+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[.[:alnum:]]+\]: Accepted key ED25519 SHA256:[[:alnum:]]+ found at \/etc\/ssh\/duplicati_keys\/[[:alnum:]]+:[1-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[.[:alnum:]]+\]: User child is on pid [0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[.[:alnum:]]+\]: Changed root directory to ".+"$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[.[:alnum:]]+\]: Postponed publickey for [.[:alnum:]]+ from [._a-f[:digit:]:-]+ port [[:digit:]]{1,5} ssh2 \[preauth\]$