On Tue, Jul 15, 2008 at 12:27:13AM +0100, Stephen Gran wrote: > This one time, at band camp, Witold Baryluk said: > > (orginal key removed) > > > > Jul 13 15:55:34 tytus sshd[24909]: error: key_read: uudecode > > AAAAB3NzaC1XXXXXXXX > > ........XXXXXXXRvB4h==\n failed > > Jul 13 15:55:36 tytus sshd[24909]: Accepted password for johnybravo from > > 10.0.1.1 port > > 49186 ssh2 > > > > Ok, key have error, but it is probably one letter, or some whitespaces. > > Ok, it is public key, but sshd shouldn't log it anyway. > > -rw-r----- 1 root adm 34858 2008-07-15 00:17 /var/log/auth.log > > If your auth.log is world readable, something is wrong on your system. > auth.log is designed exactly for information like this, and is designed > to be relatively secret on purpose. > > Given that, I'm not convinced this is actually a bug at all, but I'll > leave that decision to the maintainers - I'm just going to lower the > severity.
And, of course, the key is public anyway. Public means public no matter how much you say "shouldn't log it anyway"; note that anyone who can read auth.log can also simply read the user's authorized_keys file. In short, I agree - it's not a bug. Julien Cristau already closed this one. Thanks, -- Colin Watson [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]