diff --git a/constants.go b/constants.go
index a0040bf5a8810..989913da6b767 100644
--- a/constants.go
+++ b/constants.go
@@ -287,3 +287,8 @@ const (
 	// at expected interval
 	RemoteClusterStatusOnline = "online"
 )
+
+const (
+	// SharedDirMode is a mode for a directory shared with group
+	SharedDirMode = 0750
+)
diff --git a/lib/auth/register.go b/lib/auth/register.go
index 0fd12a33dde83..2f6ab5f98a4e9 100644
--- a/lib/auth/register.go
+++ b/lib/auth/register.go
@@ -148,7 +148,8 @@ func readToken(token string) (string, error) {
 	if err != nil {
 		return "", nil
 	}
-	return string(out), nil
+	// trim newlines as tokens in files tend to have newlines
+	return strings.TrimSpace(string(out)), nil
 }
 
 // PackedKeys is a collection of private key, SSH host certificate
diff --git a/lib/service/service.go b/lib/service/service.go
index 1b627391b267f..d1494a9927a47 100644
--- a/lib/service/service.go
+++ b/lib/service/service.go
@@ -639,9 +639,11 @@ func (process *TeleportProcess) newLocalCache(clt auth.ClientI, cacheName []stri
 	if !process.Config.CachePolicy.Enabled {
 		return clt, nil
 	}
-
 	path := filepath.Join(append([]string{process.Config.DataDir, "cache"}, cacheName...)...)
-	cacheBackend, err := dir.New(backend.Params{"path": path})
+	if err := os.MkdirAll(path, teleport.SharedDirMode); err != nil {
+		return nil, trace.ConvertSystemError(err)
+	}
+	cacheBackend, err := boltbk.New(backend.Params{"path": path})
 	if err != nil {
 		return nil, trace.Wrap(err)
 	}
diff --git a/lib/sshutils/server.go b/lib/sshutils/server.go
index ac0d73c5aa5c3..7555658cc49a8 100644
--- a/lib/sshutils/server.go
+++ b/lib/sshutils/server.go
@@ -467,7 +467,10 @@ func (c *connectionWrapper) Read(b []byte) (int, error) {
 	buff := make([]byte, MaxVersionStringBytes)
 	n, err := c.Conn.Read(buff)
 	if err != nil {
-		log.Error(err)
+		// EOF happens quite often, don't pollute the logs with EOF
+		if err != io.EOF {
+			log.Error(err)
+		}
 		return n, err
 	}
 	// chop off extra unused bytes at the end of the buffer: