===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/auth2-pubkey.c,v
retrieving revision 1.86
retrieving revision 1.87
diff -u -r1.86 -r1.87
--- src/usr.bin/ssh/auth2-pubkey.c	2018/09/20 03:28:06	1.86
+++ src/usr.bin/ssh/auth2-pubkey.c	2019/01/22 11:26:16	1.87
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.86 2018/09/20 03:28:06 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.87 2019/01/22 11:26:16 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -99,6 +99,22 @@
 	    (r = sshpkt_get_cstring(ssh, &pkalg, NULL)) != 0 ||
 	    (r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0)
 		fatal("%s: parse request failed: %s", __func__, ssh_err(r));
+
+	if (log_level_get() >= SYSLOG_LEVEL_DEBUG2) {
+		char *keystring;
+		struct sshbuf *pkbuf;
+
+		if ((pkbuf = sshbuf_from(pkblob, blen)) == NULL)
+			fatal("%s: sshbuf_from failed", __func__);
+		if ((keystring = sshbuf_dtob64(pkbuf)) == NULL)
+			fatal("%s: sshbuf_dtob64 failed", __func__);
+		debug2("%s: %s user %s %s public key %s %s", __func__,
+		    authctxt->valid ? "valid" : "invalid", authctxt->user,
+		    have_sig ? "attempting" : "querying", pkalg, keystring);
+		sshbuf_free(pkbuf);
+		free(keystring);
+	}
+
 	pktype = sshkey_type_from_name(pkalg);
 	if (pktype == KEY_UNSPEC) {
 		/* this is perfectly legal */