what does 'Logged in without disclosing public key – Intrusion?' mean?

example asked:

I have set up a new debian vm and installed gitlab-ce. There is not really much more on the VM…
Right from the beginning, the following msg started to show up in the auth.log:

Mon 2015-08-24 21:47:36.154862 CEST [s=a93d5b0787f54cb68c24d8c7c55985a4;i=2c1bc8;b=567468ca921c4b52ba291
    MESSAGE=ssh/bash[9276]: Logged in without disclosing public key - Intrusion?

By now it appears a few hundred times a day.

What exactly does it mean? Should I be worried?

update: the msg does seem to come from sshd

   1 23979 23979 23979 ?           -1 Ss       0   4:37 /usr/sbin/sshd -D  
23979  9274  9274  9274 ?           -1 Ss       0   0:00  \_ sshd: root@pts/2    
 9274  9276  9276  9276 pts/2     9276 Ss+      0   0:00      \_ -bash

It seems to be triggert at every login from root (at least as well) and then appears in the logs between once and 40 or so times.

OpenSSH_6.7p1 Debian-5, OpenSSL 1.0.1k 8 Jan 2015

My answer:

The journal entry indicates that, by pid, bash posted the log message, using the logger program. This indicates that something in your startup scripts is creating this message.

View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.