Bug#490883: openssh-server: logs some keys to /var/log/auth.log which is world readabl

Hi Witold, * Witold Baryluk [EMAIL PROTECTED] [2008-07-15 09:49]: (orginal key removed) Jul 13 15:55:34 tytus sshd[24909]: error: key_read: uudecode B3NzaC1 XXXRvB4h==\n failed Jul 13 15:55:36 tytus sshd[24909]: Accepted password for johnybravo from 10.0.1.1 port

Bug#490883: openssh-server: logs some keys to /var/log/auth.log which is world readabl

On Tue, Jul 15, 2008 at 12:27:13AM +0100, Stephen Gran wrote: This one time, at band camp, Witold Baryluk said: (orginal key removed) Jul 13 15:55:34 tytus sshd[24909]: error: key_read: uudecode B3NzaC1 XXXRvB4h==\n failed Jul 13 15:55:36 tytus sshd[24909]:

Bug#490883: openssh-server: logs some keys to /var/log/auth.log which is world readabl

Package: openssh-server Version: 1:4.3p2-9etch2 Severity: grave Tags: security Justification: user security hole (orginal key removed) Jul 13 15:55:34 tytus sshd[24909]: error: key_read: uudecode B3NzaC1 XXXRvB4h==\n failed Jul 13 15:55:36 tytus sshd[24909]: Accepted

Bug#490883: openssh-server: logs some keys to /var/log/auth.log which is world readabl

tags 490883 -security severity 490883 normal thanks This one time, at band camp, Witold Baryluk said: (orginal key removed) Jul 13 15:55:34 tytus sshd[24909]: error: key_read: uudecode B3NzaC1 XXXRvB4h==\n failed Jul 13 15:55:36 tytus sshd[24909]: Accepted password