
Bug#490883: openssh-server: logs some keys to /var/log/auth.log which is world readabl



tags 490883 -security
severity 490883 normal
thanks
This one time, at band camp, Witold Baryluk said:
> (original key removed)
> 
> Jul 13 15:55:34 tytus sshd[24909]: error: key_read: uudecode AAAAB3NzaC1XXXXXXXX
> ........XXXXXXXRvB4h==\n failed
> Jul 13 15:55:36 tytus sshd[24909]: Accepted password for johnybravo from 10.0.1.1 port
>  49186 ssh2
> 
> Ok, the key has an error, but it is probably one letter, or some whitespace.
> Ok, it is a public key, but sshd shouldn't log it anyway.

-rw-r----- 1 root adm 34858 2008-07-15 00:17 /var/log/auth.log

If your auth.log is world readable, something is wrong on your system.
auth.log is designed exactly for information like this, and is designed
to be relatively secret on purpose.

Given that, I'm not convinced this is actually a bug at all, but I'll
leave that decision to the maintainers - I'm just going to lower the
severity.
-- 
 -----------------------------------------------------------------
|   ,''`.                                            Stephen Gran |
|  : :' :                                        sgran@debian.org |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |
 -----------------------------------------------------------------
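
Added example, not part of the original message or of any Debian tooling: a POSIX shell check that a log file matches the ownership and mode shown in the listing above (`-rw-r-----`, `root`, `adm`). The function name `audit_log_perms` and its return codes are hypothetical choices for this illustration.

```shell
#!/bin/sh
# Added example: defaults (root, adm) are assumptions taken from the listing
# in the message above; pass other values for other files.
# Usage: audit_log_perms /var/log/auth.log
#
# audit_log_perms FILE [OWNER] [GROUP]
# Prints one finding per line.
# Returns 0 if clean, 1 on findings, 2 if FILE does not exist.
audit_log_perms() {
    alp_file=$1
    alp_owner=${2:-root}
    alp_group=${3:-adm}
    alp_rc=0

    if [ ! -e "$alp_file" ]; then
        echo "$alp_file: missing"
        return 2
    fi

    # Any r/w/x bit for "other" means every local account can reach the file.
    if [ -n "$(find "$alp_file" -prune \( -perm -004 -o -perm -002 -o -perm -001 \))" ]; then
        echo "$alp_file: accessible to other users"
        alp_rc=1
    fi

    # Group write would let group members alter or truncate the log.
    if [ -n "$(find "$alp_file" -prune -perm -020)" ]; then
        echo "$alp_file: group-writable"
        alp_rc=1
    fi

    # Fields 3 and 4 of `ls -ld` are the owner and group names.
    alp_actual=$(ls -ld "$alp_file" | awk '{print $3 ":" $4}')
    if [ "$alp_actual" != "$alp_owner:$alp_group" ]; then
        echo "$alp_file: owned by $alp_actual, expected $alp_owner:$alp_group"
        alp_rc=1
    fi

    return "$alp_rc"
}
```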
