more ssh regexes

app/example.yml

@@ -47,7 +47,9 @@ streams:
         regex:
           # <ip> is predefined in the patterns section
           # ip's regex is inserted in the following regex
-          - authentication failure;.*rhost=<ip>
+          - 'authentication failure;.*rhost=<ip>'
+          - 'Failed password for .* from <ip>'
+          - 'Connection reset by authenticating user .* <ip>'
         # if retry and retryperiod are defined,
         # the actions will only take place if a same pattern is
         # found `retry` times in a `retryperiod` interval

config/example.jsonnet

@@ -56,7 +56,9 @@ local iptables(args) = ['ip46tables', '-w'] + args;
           regex: [
             // <ip> is predefined in the patterns section
             // ip's regex is inserted in the following regex
-            'authentication failure;.*rhost=<ip>',
+            @'authentication failure;.*rhost=<ip>',
+            @'Failed password for .* from <ip>',
+            @'Connection reset by authenticating user .* <ip>',
           ],
           // if retry and retryperiod are defined,
           // the actions will only take place if a same pattern is

config/server.jsonnet

@@ -38,6 +38,7 @@ local banFor(time) = {
           regex: [
             @'authentication failure;.*rhost=<ip>',
             @'Connection reset by authenticating user .* <ip>',
+            @'Failed password for .* from <ip>',
           ],
           retry: 3,
           retryperiod: '6h',