From c34bbd1fa8606f47ddf31e3135b8d716f71a804d Mon Sep 17 00:00:00 2001
From: Hans Nilsson <hans@erlang.org>
Date: Wed, 11 Oct 2017 14:55:34 +0200
Subject: ssh: Client checks user's public key

---
 lib/ssh/src/ssh_auth.erl | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/ssh/src/ssh_auth.erl b/lib/ssh/src/ssh_auth.erl
index ac64a7bf14..894877f8bf 100644
--- a/lib/ssh/src/ssh_auth.erl
+++ b/lib/ssh/src/ssh_auth.erl
@@ -145,14 +145,17 @@ get_public_key(SigAlg, #ssh{opts = Opts}) ->
     case KeyCb:user_key(KeyAlg, [{key_cb_private,KeyCbOpts}|UserOpts]) of
         {ok, PrivKey} ->
             try
+                %% Check the key - the KeyCb may be a buggy plugin
+                true = ssh_transport:valid_key_sha_alg(PrivKey, KeyAlg),
                 Key = ssh_transport:extract_public_key(PrivKey),
                 public_key:ssh_encode(Key, ssh2_pubkey)
             of
                 PubKeyBlob -> {ok,{PrivKey,PubKeyBlob}}
             catch
                 _:_ -> 
-		    not_ok
+                    not_ok
             end;
+
 	_Error ->
 	    not_ok
     end.
-- 
cgit v1.2.3