Package: openssh-server Version: 1:5.5p1-6+squeeze3 Severity: normal It appears that when authenticating using a public key the case of the username is important, but when evaluating whether to log failed login attempts a case-insenstive comparison is done.
Backstory: I was attempting to help a new user login to an SSH server. Their login was failing, but nothing was appearing in /var/log/auth.log. I determined experimentally that OpenSSH logs "invalid user $name from $ip" when an invalid name is given, and logs nothing when an incorrect key is offered for a valid name. This led me to believe the user was not using the correct key. In fact, they were using the correct key. We eventually determined that they were capitalizing the first character of their username (on their SSH client on an iphone) while on the server their username was all-lowercase. This caused authentication to fail, but did not cause OpenSSH to log that an invalid name was used. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org