diff --git a/ChangeLog b/ChangeLog
index b572f6006..be3118146 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,15 @@
+20121207
+ - (dtucker) OpenBSD CVS Sync
+   - dtucker@cvs.openbsd.org 2012/12/06 06:06:54
+     [regress/keys-command.sh]
+     Fix some problems with the keys-command test:
+      - use string comparison rather than numeric comparison
+      - check for existing KEY_COMMAND file and don't clobber if it exists
+      - clean up KEY_COMMAND file if we do create it.
+      - check that KEY_COMMAND is executable (which it won't be if eg /var/run
+        is mounted noexec).
+     ok djm.
+
 20121205
  - (tim) [defines.h] Some platforms are missing ULLONG_MAX. Feedback djm@.
 
diff --git a/regress/keys-command.sh b/regress/keys-command.sh
index 09f4db4b7..b595a434f 100644
--- a/regress/keys-command.sh
+++ b/regress/keys-command.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: keys-command.sh,v 1.1 2012/11/22 22:49:30 djm Exp $
+#	$OpenBSD: keys-command.sh,v 1.2 2012/12/06 06:06:54 dtucker Exp $
 #	Placed in the Public Domain.
 
 tid="authorized keys from command"
@@ -14,7 +14,7 @@ fi
 KEY_COMMAND="/var/run/keycommand_${LOGNAME}"
 cat << _EOF | $SUDO sh -c "cat > '$KEY_COMMAND'"
 #!/bin/sh
-test "x\$1" -ne "x${LOGNAME}" && exit 1
+test "x\$1" != "x${LOGNAME}" && exit 1
 exec cat "$OBJ/authorized_keys_${LOGNAME}"
 _EOF
 $SUDO chmod 0755 "$KEY_COMMAND"
@@ -27,7 +27,13 @@ cp $OBJ/sshd_proxy $OBJ/sshd_proxy.bak
 	echo AuthorizedKeysCommandUser ${LOGNAME}
 ) > $OBJ/sshd_proxy
 
-${SSH} -F $OBJ/ssh_proxy somehost true
-if [ $? -ne 0 ]; then
-	fail "connect failed"
+if [ -x $KEY_COMMAND ]; then
+	${SSH} -F $OBJ/ssh_proxy somehost true
+	if [ $? -ne 0 ]; then
+		fail "connect failed"
+	fi
+else
+	echo "SKIPPED: $KEY_COMMAND not executable (/var/run mounted noexec?)"
 fi
+
+$SUDO rm -f $KEY_COMMAND