T22: Handling of "auth-agent-req@openssh.com" Does Not Honor "want reply" (can cause Putty clients to hang)

Description

Originally reported by migration: https://bugs.libssh.org/T22

It looks like libssh does not honor the "want reply" boolean which can be set for "auth-agent-req`openssh.com" messages.

In testing between Putty's 'plink.exe' on Windows and a libssh-based server, some invocations ('plink.exe -A ...') can result in such messages being sent with "want reply" set. If these messages are dropped on the server side, sessions will hang on the client-side.

I haven't been able to reproduce this using 'plink' on Linux.

Attached is a hack patch which disables the "auth-agent-req`openssh.com" message callback and sends back SSH2//MSG//CHANNEL//FAILURE for the case that "want reply" was set. (this resolves the problem for my case where agent forwarding is not desired).

It's not clear to me what the right fix is here, though: should the channel//auth//agent//req//function callback signature be updated so that clients can return a success or failure, and channel//rcv//request updated to respond with FAILURE/SUCCESS based on that, if "want reply" is set?

ssh2//setup//agent here http://svn.tartarus.org/sgt/putty/ssh.c sets up these messages on the Putty side.

I see too that "keepalive`openssh.com" messages are always replied to 
regardless of whether "want reply" is set~~~~maybe that can be fixed to
be more pedantic (not sure if it matters in practice; it has not caused
any issues in my experience).

[0001-channel-disable-auth-agent-req-openssh.com-test.patch](/uploads/e07f947525bb3d55163018fb94d4e190/0001-channel-disable-auth-agent-req-openssh.com-test.patch)

### Comments:

**asn commented on 2018-09-04 19:02:41 UTC:**

Jon, I think this patch is still valid. Could you please use ssh_buffer_pack() and resend the patch to the mailinglist?

Thanks!

----