===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/auth2-hostbased.c,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- src/usr.bin/ssh/auth2-hostbased.c 2015/01/08 10:14:08 1.21
+++ src/usr.bin/ssh/auth2-hostbased.c 2015/01/13 07:39:19 1.22
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-hostbased.c,v 1.21 2015/01/08 10:14:08 djm Exp $ */
+/* $OpenBSD: auth2-hostbased.c,v 1.22 2015/01/13 07:39:19 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 *
@@ -47,6 +47,7 @@
 #endif
 #include "monitor_wrap.h"
 #include "pathnames.h"
+#include "match.h"
 /* import */
 extern ServerOptions options;
@@ -107,6 +108,14 @@
 "signature format");
 goto done;
 }
+ if (match_pattern_list(sshkey_ssh_name(key),
+ options.hostbased_key_types,
+ strlen(options.hostbased_key_types), 0) != 1) {
+ logit("%s: key type %s not in HostbasedAcceptedKeyTypes",
+ __func__, sshkey_type(key));
+ goto done;
+ }
+
 service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" : authctxt->service;
 buffer_init(&b);
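Review bot: The rejection message in the new key-type check (third hunk) prints `sshkey_type(key)`, while the match against `options.hostbased_key_types` is made on `sshkey_ssh_name(key)`. The name an administrator reads in the log may therefore not be the string that has to appear in HostbasedAcceptedKeyTypes. Logging the matched name keeps the two aligned: `__func__, sshkey_ssh_name(key));`. The `strlen(options.hostbased_key_types)` call also relies on the option never being NULL here, presumably because a default is filled in outside this diff, which is worth confirming. The enclosing function starts and ends outside the hunk.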