From dad91f7969871e737c616f47ba09b60cc3036764 Mon Sep 17 00:00:00 2001
From: Yaroslav Halchenko <debian@onerussian.com>
Date: Fri, 18 Nov 2011 10:07:13 -0500
Subject: [PATCH] ENH: sshd.conf -- allow user names to have spaces and
 trailing spaces in the line

absorbed from patches carried by Debian distribution of f2b
---
 config/filter.d/sshd.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/config/filter.d/sshd.conf b/config/filter.d/sshd.conf
index 2c53ee7d..c65abe63 100644
--- a/config/filter.d/sshd.conf
+++ b/config/filter.d/sshd.conf
@@ -28,11 +28,11 @@ failregex = ^%(__prefix_line)s(?:error: PAM: )?Authentication failure for .* fro
             ^%(__prefix_line)sFailed (?:password|publickey) for .* from <HOST>(?: port \d*)?(?: ssh\d*)?$
             ^%(__prefix_line)sROOT LOGIN REFUSED.* FROM <HOST>\s*$
             ^%(__prefix_line)s[iI](?:llegal|nvalid) user .* from <HOST>\s*$
-            ^%(__prefix_line)sUser \S+ from <HOST> not allowed because not listed in AllowUsers$
+            ^%(__prefix_line)sUser .+ from <HOST> not allowed because not listed in AllowUsers$
             ^%(__prefix_line)sauthentication failure; logname=\S* uid=\S* euid=\S* tty=\S* ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$
             ^%(__prefix_line)srefused connect from \S+ \(<HOST>\)\s*$
             ^%(__prefix_line)sAddress <HOST> .* POSSIBLE BREAK-IN ATTEMPT!*\s*$
-            ^%(__prefix_line)sUser \S+ from <HOST> not allowed because none of user's groups are listed in AllowGroups$
+            ^%(__prefix_line)sUser .+ from <HOST> not allowed because none of user's groups are listed in AllowGroups\s*$
 
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.