===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/sshconnect2.c,v
retrieving revision 1.250
retrieving revision 1.251
diff -u -r1.250 -r1.251
--- src/usr.bin/ssh/sshconnect2.c	2016/09/28 20:32:42	1.250
+++ src/usr.bin/ssh/sshconnect2.c	2016/12/04 23:54:02	1.251
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.250 2016/09/28 20:32:42 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.251 2016/12/04 23:54:02 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Damien Miller.  All rights reserved.
@@ -310,6 +310,7 @@
 static int sign_and_send_pubkey(Authctxt *, Identity *);
 static void pubkey_prepare(Authctxt *);
 static void pubkey_cleanup(Authctxt *);
+static void pubkey_reset(Authctxt *);
 static Key *load_identity_file(Identity *);
 
 static Authmethod *authmethod_get(char *authlist);
@@ -552,8 +553,7 @@
 	if (partial != 0) {
 		verbose("Authenticated with partial success.");
 		/* reset state */
-		pubkey_cleanup(authctxt);
-		pubkey_prepare(authctxt);
+		pubkey_reset(authctxt);
 	}
 	debug("Authentications that can continue: %s", authlist);
 
@@ -1406,6 +1406,15 @@
 	}
 }
 
+static void
+pubkey_reset(Authctxt *authctxt)
+{
+	Identity *id;
+
+	TAILQ_FOREACH(id, &authctxt->keys, next)
+		id->tried = 0;
+}
+
 static int
 try_identity(Identity *id)
 {
@@ -1454,6 +1463,7 @@
 				}
 				key_free(id->key);
 				id->key = NULL;
+				id->isprivate = 0;
 			}
 		}
 		if (sent)