===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/hostfile.c,v
retrieving revision 1.69
retrieving revision 1.70
diff -u -r1.69 -r1.70
--- src/usr.bin/ssh/hostfile.c	2017/04/30 23:10:43	1.69
+++ src/usr.bin/ssh/hostfile.c	2017/04/30 23:18:44	1.70
@@ -1,4 +1,4 @@
-/* $OpenBSD: hostfile.c,v 1.69 2017/04/30 23:10:43 djm Exp $ */
+/* $OpenBSD: hostfile.c,v 1.70 2017/04/30 23:18:44 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -343,16 +343,11 @@
 	HostStatus end_return = HOST_NEW;
 	int want_cert = sshkey_is_cert(k);
 	HostkeyMarker want_marker = want_cert ? MRK_CA : MRK_NONE;
-	int proto = (k ? k->type : keytype) == KEY_RSA1 ? 1 : 2;
 
 	if (found != NULL)
 		*found = NULL;
 
 	for (i = 0; i < hostkeys->num_entries; i++) {
-		if (proto == 1 && hostkeys->entries[i].key->type != KEY_RSA1)
-			continue;
-		if (proto == 2 && hostkeys->entries[i].key->type == KEY_RSA1)
-			continue;
 		if (hostkeys->entries[i].marker != want_marker)
 			continue;
 		if (k == NULL) {
@@ -487,13 +482,6 @@
 			return 0;
 		}
 
-		/* XXX might need a knob for this later */
-		/* Don't remove RSA1 keys */
-		if (l->key->type == KEY_RSA1) {
-			fprintf(ctx->out, "%s\n", l->line);
-			return 0;
-		}
-
 		/*
 		 * If this line contains one of the keys that we will be
 		 * adding later, then don't change it and mark the key for
@@ -801,12 +789,12 @@
 			lineinfo.keytype = sshkey_type_from_name(ktype);
 
 			/*
-			 * Assume RSA1 if the first component is a short
+			 * Assume legacy RSA1 if the first component is a short
 			 * decimal number.
 			 */
 			if (lineinfo.keytype == KEY_UNSPEC && l < 8 &&
 			    strspn(ktype, "0123456789") == l)
-				lineinfo.keytype = KEY_RSA1;
+				goto bad;
 
 			/*
 			 * Check that something other than whitespace follows