LogLevel INFO
RSAAuthentication yes
PubkeyAuthentication yes
HostbasedAuthentication no
ChallengeResponseAuthentication no
PasswordAuthentication no
AllowUsers lukeskywalker
[1] The decision to log the error is made in procedure "auth_log" in "auth.c":
    /* Raise logging level */
    if (authenticated == 1 ||
        !authctxt->valid ||
        authctxt->failures >= options.max_authtries / 2 ||
        strcmp(method, "password") == 0)
            authlog = logit;
When the account exists but does not have a trusted pubkey on the server, the variables have the following values:
"auth_log" decision has the following values:
authenticated ......... 0
authctxt->valid ....... 1
authctxt->failures .... 0
options.max_authtries . 6
method ................ publickey
Which translates to:
    if (0 == 1 ||
        !1 ||
        0 >= 6 / 2 ||
        1 == 0)
            authlog = logit;
So authlog cannot escalate to the logit function (nothing in auth.log)
I suggest ADDING the following change between "/* Raise logging level */" and the start of the if statement that immediately followed it:
    if (!authenticated &&
        authctxt->valid &&
        strcmp(method, "publickey") == 0)
            authlog = logit;
There seems to be an alternative train of thought from the 2005 portable bug associated with this report. I guess that was never implemented (please add comments if you know the history).
Regards, Don.
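
The following is an added example, not code from the report or from OpenSSH: it models the quoted "auth_log" condition next to the suggested check and goes beyond the single case in the report by sweeping the inputs to list which attempts only the suggested check raises to logit. The struct, the function names and the sample method list are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the values auth_log() tests; not OpenSSH's own types. */
struct attempt { int authenticated, valid, failures; const char *method; };

/* Condition quoted in the report: nonzero means the message is raised to logit(). */
static int raised_original(const struct attempt *a, int max_authtries)
{
    return a->authenticated == 1 ||
        !a->valid ||
        a->failures >= max_authtries / 2 ||
        strcmp(a->method, "password") == 0;
}

/* Same decision with the check suggested in the report evaluated first. */
static int raised_proposed(const struct attempt *a, int max_authtries)
{
    if (!a->authenticated && a->valid && strcmp(a->method, "publickey") == 0)
        return 1;
    return raised_original(a, max_authtries);
}

/* Sweep constructed inputs; count cases only the proposed check raises, keep up to cap. */
static int newly_logged(int max_authtries, struct attempt *out, int cap)
{
    static const char *methods[] = { "publickey", "password", "hostbased", "keyboard-interactive" };
    int n = 0;
    for (int auth = 0; auth <= 1; auth++)
        for (int valid = 0; valid <= 1; valid++)
            for (int f = 0; f < max_authtries; f++)
                for (size_t m = 0; m < sizeof(methods) / sizeof(methods[0]); m++) {
                    struct attempt a = { auth, valid, f, methods[m] };
                    if (!raised_proposed(&a, max_authtries) || raised_original(&a, max_authtries))
                        continue;
                    if (n < cap) out[n] = a;
                    n++;
                }
    return n;
}

int main(void)
{
    struct attempt hits[16];
    int n = newly_logged(6, hits, 16);   /* 6 = options.max_authtries in the report */
    for (int i = 0; i < n && i < 16; i++)
        printf("newly logged: failures=%d method=%s\n", hits[i].failures, hits[i].method);
    return 0;
}
```

With max_authtries at 6, the only attempts the suggested check adds are failed publickey attempts for a valid account with 0, 1 or 2 prior failures; every other combination in the sweep is raised, or not raised, exactly as before.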