Index: trunk/server/common/patches/openssh-no-spurious-correct-key-incorrect-host-messages.patch
===================================================================
--- trunk/server/common/patches/openssh-no-spurious-correct-key-incorrect-host-messages.patch	(revision 1739)
+++ trunk/server/common/patches/openssh-no-spurious-correct-key-incorrect-host-messages.patch	(revision 1739)
@@ -0,0 +1,35 @@
+--- openssh/auth2-pubkey.c.hold	2010-11-20 20:27:13.000000000 -0500
++++ openssh/auth2-pubkey.c	2010-11-20 20:33:23.000000000 -0500
+@@ -233,13 +233,14 @@
+ 				continue;
+ 			}
+ 		}
+-		if (auth_parse_options(pw, key_options, file, linenum) != 1)
+-			continue;
+ 		if (key->type == KEY_RSA_CERT || key->type == KEY_DSA_CERT) {
+-			if (!key_is_cert_authority)
+-				continue;
+ 			if (!key_equal(found, key->cert->signature_key))
+ 				continue;
++			if (auth_parse_options(pw, key_options, file,
++			    linenum) != 1)
++				continue;
++			if (!key_is_cert_authority)
++				continue;
+ 			debug("matching CA found: file %s, line %lu",
+ 			    file, linenum);
+ 			fp = key_fingerprint(found, SSH_FP_MD5,
+@@ -258,7 +259,12 @@
+ 				continue;
+ 			found_key = 1;
+ 			break;
+-		} else if (!key_is_cert_authority && key_equal(found, key)) {
++		} else if (key_equal(found, key)) {
++			if (auth_parse_options(pw, key_options, file,
++			    linenum) != 1)
++				continue;
++			if (key_is_cert_authority)
++				continue;
+ 			found_key = 1;
+ 			debug("matching key found: file %s, line %lu",
+ 			    file, linenum);
Index: trunk/server/fedora/specs/openssh.spec.patch
===================================================================
--- trunk/server/fedora/specs/openssh.spec.patch	(revision 1738)
+++ trunk/server/fedora/specs/openssh.spec.patch	(revision 1739)
@@ -10,13 +10,14 @@
  #URL1: http://pamsshagentauth.sourceforge.net
  #Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
-@@ -88,6 +88,7 @@
+@@ -88,6 +88,8 @@
  Source3: sshd.init
  Source4: http://prdownloads.sourceforge.net/pamsshagentauth/pam_ssh_agent_auth/pam_ssh_agent_auth-%{pam_ssh_agent_ver}.tar.bz2
  Source5: pam_ssh_agent-rmheaders
 +Patch1001: openssh-4.7p1-gssapi-name-in-env.patch
++Patch1002: openssh-no-spurious-correct-key-incorrect-host-messages.patch
  Patch0: openssh-5.4p1-redhat.patch
  Patch2: openssh-5.3p1-skip-initial.patch
  Patch4: openssh-5.2p1-vendor.patch
-@@ -175,6 +177,7 @@
+@@ -175,6 +178,7 @@
  Requires(post): chkconfig >= 0.9, /sbin/service
  Requires(pre): /usr/sbin/useradd
@@ -26,9 +27,10 @@
  %package askpass
  Summary: A passphrase dialog for OpenSSH and X
-@@ -267,6 +270,8 @@
+@@ -267,6 +271,9 @@
  %patch75 -p1 -b .dso
  %patch76 -p1 -b .bz595935
  
 +%patch1001 -p1 -b .gssapi-env
++%patch1002 -p1 -b .no-spurious-correct-key-incorrect-host-messages
 +
  autoreconf