It looks like libssh does not honor the "want reply" boolean which can be
set for "auth-agent-req`openssh.com" messages.
In testing between Putty's 'plink.exe' on Windows and a libssh-based server,
some invocations ('plink.exe -A ...') can result in such messages being
sent with "want reply" set. If these messages are dropped on the server
side, sessions will hang on the client-side.
I haven't been able to reproduce this using 'plink' on Linux.
Attached is a hack patch which disables the "auth-agent-req`openssh.com"
message callback and sends back SSH2MSGCHANNEL//FAILURE for the case
that "want reply" was set. (this resolves the problem for my case where
agent forwarding is not desired).
It's not clear to me what the right fix is here, though: should the
channelauthagentreqfunction callback signature be updated so that
clients can return a success or failure, and channelrcvrequest
updated to respond with FAILURE/SUCCESS based on that, if "want
reply" is set?
ssh2setupagent here http://svn.tartarus.org/sgt/putty/ssh.c sets up
these messages on the Putty side.
I see too that "keepalive`openssh.com" messages are always replied to
regardless of whether "want reply" is set~~~~maybe that can be fixed to
be more pedantic (not sure if it matters in practice; it has not caused
any issues in my experience).