Hi, If SSH_MSG_USERAUTH_FAILURE arrives from the server with partial success (set to 1), in input_userauth_failure() the pubkey_cleanup() and pubkey_prepare() calls does different thing than the first pubkey_prepare() instead of identical. OpenSSH versions: 6.7p1 to 7.1p1 (based on changelog the issue seems to be introduced in 6.3p1 during fixing another bug): * ssh(1): reset the order in which public keys are tried after partial authentication success. Environment: * an ssh-agent with a passphrase-protected private key stored in its standard name (e.g. .ssh/id_rsa) * a server that accepts this key but requires further authentication (auth failure with partial success) * and the ssh client First the client sends the key stored in the agent, and then clears its keys in authctx, and retries the keys. At this point the public key is missing (.ssh/id_rsa), therefore ssh tries to ask the passphrase, even if the key is loaded into the agent. And if the passphrase is given, it retries the very same key. The problem seems to be occured in pubkey_prepare(), in this line: options.identity_keys[i] = NULL; If the code wants to iterate thrugh these keys after a partial success, these keys should never be NULL'ed, instead these should be copied. As a result, if I'm not mistaken, the ssh client skips all keys of the agent. Regrads, Laszlo Attila TOTH _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev