Consider this small section of code from the user_key_allowed2 function in auth2-pubkey.c /* Fail quietly if file does not exist */ if (stat(file, &st) < 0) { /* Restore the privileged uid. */ restore_uid(); return 0; } /* Open the file containing the authorized keys. */ f = fopen(file, "r"); if (!f) { /* Restore the privileged uid. */ restore_uid(); return 0; } Fail quietly? Why? And what about debugging? Someone trying to figure out why authentication has failed is merely left with a statement from later in the code sequence that just says the "key was disallowed". That's not helpful, for it's not technically true. (I haven't explored other sections of code, but in general, I think any return statement in the middle of function is a failure of that function should probably have an explanatory debug statement at some level associated with it.)
think about it: if the file does not exist, then there are no authorised keys. This is not an error, and doesn't warrant logspam, even at debug levels.
After all this time we're waiting for a fix and you're just blowing it off? It doesn't even look like you read my report. Please hand it off to someone else if you don't feel so inclined. By your own backward logic, how does a nonexistent key get reported as being disallowed?
Sorry, but I don't agree that there is any condition worth reporting here. You don't need debug output to figure out that a file that is critical to public key authentication is missing.
Yeah, it took me the better part of a day to figure out that the message, "key is disallowed" really means the key file is missing. Perhaps users in the future who get similarly stymied will find this page on Google. They surely can't depend on your nicely informative debug logs to help them.
Mass update RESOLVED->CLOSED after release of openssh-5.1