diff --git a/ChangeLog b/ChangeLog
index 7c7297731..44e45eb8a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -34,6 +34,10 @@
      Pass through ssh command-line flags and options when doing remote-remote
      transfers, e.g. to enable agent forwarding which is particularly useful
      in this case; bz#1837 ok dtucker@
+   - markus@cvs.openbsd.org 2010/11/29 18:57:04
+     [authfile.c]
+     correctly load comment for encrypted rsa1 keys;
+     report/fix Joachim Schipper; ok djm@
 
 20101124
  - (dtucker) [platform.c session.c] Move the getluid call out of session.c and
diff --git a/authfile.c b/authfile.c
index f75c273fc..f2aec267a 100644
--- a/authfile.c
+++ b/authfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfile.c,v 1.86 2010/11/21 10:57:07 djm Exp $ */
+/* $OpenBSD: authfile.c,v 1.87 2010/11/29 18:57:04 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -710,8 +710,9 @@ key_load_private(const char *filename, const char *passphrase,
 			*commentp = xstrdup(filename);
 	} else {
 		key_free(pub);
+		/* key_parse_public_rsa1() has already loaded the comment */
 		prv = key_parse_private_type(&buffer, KEY_RSA1, passphrase,
-		    commentp);
+		    NULL);
 	}
 	buffer_free(&buffer);
 	return prv;