Pubkey auth is mostly there for the client. Something strange with

remote hostkey verification though.

--HG--
extra : convert_revision : 8635abe49e499e16d44a8ee79d474dc35257e9cc

cli-auth.c

@@ -7,7 +7,6 @@
 #include "packet.h"
 #include "runopts.h"
 
-#undef DROPBEAR_PUBKEY_AUTH
 
 void cli_authinitialise() {
 
@@ -30,7 +29,6 @@ void cli_auth_getmethods() {
 	buf_putstring(ses.writepayload, "none", 4); /* 'none' method */
 
 	encrypt_packet();
-	cli_ses.state = USERAUTH_METHODS_SENT;
 	TRACE(("leave cli_auth_getmethods"));
 
 }
@@ -88,6 +86,20 @@ void recv_msg_userauth_failure() {
 	TRACE(("<- MSG_USERAUTH_FAILURE"));
 	TRACE(("enter recv_msg_userauth_failure"));
 
+	if (cli_ses.state != USERAUTH_REQ_SENT) {
+		/* Perhaps we should be more fatal? */
+		TRACE(("But we didn't send a userauth request!!!!!!"));
+		return;
+	}
+
+#ifdef DROPBEAR_PUBKEY_AUTH
+	/* If it was a pubkey auth request, we should cross that key 
+	 * off the list. */
+	if (cli_ses.lastauthtype == AUTH_TYPE_PUBKEY) {
+		cli_pubkeyfail();
+	}
+#endif
+
 	methods = buf_getstring(ses.payload, &methlen);
 
 	partial = buf_getbyte(ses.payload);
@@ -154,12 +166,14 @@ void cli_auth_try() {
 #ifdef DROPBEAR_PUBKEY_AUTH
 	if (ses.authstate.authtypes & AUTH_TYPE_PUBKEY) {
 		finished = cli_auth_pubkey();
+		cli_ses.lastauthtype = AUTH_TYPE_PUBKEY;
 	}
 #endif
 
 #ifdef DROPBEAR_PASSWORD_AUTH
 	if (!finished && ses.authstate.authtypes & AUTH_TYPE_PASSWORD) {
 		finished = cli_auth_password();
+		cli_ses.lastauthtype = AUTH_TYPE_PASSWORD;
 	}
 #endif
 
@@ -167,6 +181,5 @@ void cli_auth_try() {
 		dropbear_exit("No auth methods could be used.");
 	}
 
-	cli_ses.state = USERAUTH_REQ_SENT;
 	TRACE(("leave cli_auth_try"));
 }