On 23 February 2018 at 23:07, Philipp Marek <philipp@xxxxxxxxxxxxx> wrote:
>
>> + struct identity *sent_signed_id;
>
> What happens if the server is configured to allow two different SSH keys?
> Wouldn't that then cycle between these two?

I don't think so. I think once both have succeeded neither will be sent and it'll drop through to "we did not send a packet, disable method" and either move to the next method or fail if there are no more.

sent_signed_id is used to track the key that was just used to sign the challenge from the server. The state of the keys is stored in a list of Identity structures. When the reply comes back after setting sent_signed_id there's 3 cases:
 - failure: no change in behaviour. (maybe it should null out sent_signed_id, although it should be set again before ever being read).
 - partial success: we mark id->tried with IDENTITY_SUCCESSFUL. The non-zero value stops it from being sent again.
 - complete success: ssh_userauth2 immediately cleans up the identities.

--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
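
Review bot: the `sent_signed_id` field added in the quoted hunk has no comment saying what it points at or how long it stays valid. The reply describes it as the key just used to sign the server's challenge, kept in the list of Identity structures that ssh_userauth2 cleans up on complete success, so a short comment on the declaration would help, as would clearing the pointer once the reply has been handled (the failure case mentioned in the reply), so the field never refers to an identity that is no longer in use.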