KeeAgent 0.13.3 hangs OpenSSH_for_Windows_7.7p1

[drok]

After many years of using KeeAgent various versions, I attempted upgrading from 0.12.1 to 0.13.3 (latest at this time) in order to gain the ability to use the Putty v3 ppk key file format, which per the Changelog are supported since 0.13.1

This upgrade broke my previously working configuration. Reverting to 0.12.1 restores the working state. Below are the output of "ssh -vvv -T 10.6.9.59 echo success" from the client towards the server which is running "/usr/sbin/sshd -ddd" ; I have inserted into each log some notes prefixed with '#' that describe what I see. First the client side and server side logs using KeeAgent 0.13.3 are included, and below, the same test after reverting to 0.12.1:

• The client side is running Windows 10 Enterprise LTSC Version 1809 (OS build 17763.107)
• Client side SSH client: OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5
• The server side is running Ubuntu 16.04.1 LTS in an OpenVZ container
• Server side SSH server: openssh-server 1:7.2p2-4ubuntu2.10

Client side, KeeAgent 0.13.3 (repro hung connection):

D:\Profiles\Radu>ssh -vvv -T 10.6.9.59 echo success
OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5
debug1: Reading configuration data D:\\Profiles\\Radu/.ssh/config
debug1: D:\\Profiles\\Radu/.ssh/config line 4: Applying options for 10.6.9.59
debug1: Reading configuration data __PROGRAMDATA__\\ssh/ssh_config
debug2: resolve_canonicalize: hostname 10.6.9.59 is address
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 10.6.9.59 [10.6.9.59] port 22.
debug1: Connection established.
debug3: Failed to open file:D:/Profiles/Radu/.ssh/id_rsa error:2
debug3: Failed to open file:D:/Profiles/Radu/.ssh/id_rsa.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file D:\\Profiles\\Radu/.ssh/id_rsa type -1
debug3: Failed to open file:D:/Profiles/Radu/.ssh/id_rsa-cert error:2
debug3: Failed to open file:D:/Profiles/Radu/.ssh/id_rsa-cert.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file D:\\Profiles\\Radu/.ssh/id_rsa-cert type -1
debug3: Failed to open file:D:/Profiles/Radu/.ssh/id_dsa error:2
debug3: Failed to open file:D:/Profiles/Radu/.ssh/id_dsa.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file D:\\Profiles\\Radu/.ssh/id_dsa type -1
debug3: Failed to open file:D:/Profiles/Radu/.ssh/id_dsa-cert error:2
debug3: Failed to open file:D:/Profiles/Radu/.ssh/id_dsa-cert.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file D:\\Profiles\\Radu/.ssh/id_dsa-cert type -1
debug3: Failed to open file:D:/Profiles/Radu/.ssh/id_ecdsa error:2
debug3: Failed to open file:D:/Profiles/Radu/.ssh/id_ecdsa.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file D:\\Profiles\\Radu/.ssh/id_ecdsa type -1
debug3: Failed to open file:D:/Profiles/Radu/.ssh/id_ecdsa-cert error:2
debug3: Failed to open file:D:/Profiles/Radu/.ssh/id_ecdsa-cert.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file D:\\Profiles\\Radu/.ssh/id_ecdsa-cert type -1
debug3: Failed to open file:D:/Profiles/Radu/.ssh/id_ed25519 error:2
debug3: Failed to open file:D:/Profiles/Radu/.ssh/id_ed25519.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file D:\\Profiles\\Radu/.ssh/id_ed25519 type -1
debug3: Failed to open file:D:/Profiles/Radu/.ssh/id_ed25519-cert error:2
debug3: Failed to open file:D:/Profiles/Radu/.ssh/id_ed25519-cert.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file D:\\Profiles\\Radu/.ssh/id_ed25519-cert type -1
debug3: Failed to open file:D:/Profiles/Radu/.ssh/id_xmss error:2
debug3: Failed to open file:D:/Profiles/Radu/.ssh/id_xmss.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file D:\\Profiles\\Radu/.ssh/id_xmss type -1
debug3: Failed to open file:D:/Profiles/Radu/.ssh/id_xmss-cert error:2
debug3: Failed to open file:D:/Profiles/Radu/.ssh/id_xmss-cert.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file D:\\Profiles\\Radu/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_7.7
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.10
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.10 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 10.6.9.59:22 as 'radu'
debug3: hostkeys_foreach: reading file "D:\\Profiles\\Radu/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file D:\\Profiles\\Radu/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from 10.6.9.59
debug3: Failed to open file:D:/Profiles/Radu/.ssh/known_hosts2 error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts2 error:2
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:aOkj/qrYdlVAfDdomudrMq2Fe6ZbPmaFusYxxHXfGBY
debug3: hostkeys_foreach: reading file "D:\\Profiles\\Radu/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file D:\\Profiles\\Radu/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from 10.6.9.59
debug3: Failed to open file:D:/Profiles/Radu/.ssh/known_hosts2 error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts2 error:2
debug1: Host '10.6.9.59' is known and matches the ECDSA host key.
debug1: Found key in D:\\Profiles\\Radu/.ssh/known_hosts:1
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug2: key: rh-2016 (00000149DD9D5140), agent
debug2: key: radu-2020 (00000149DD9D5290), agent
debug2: key: D:\\Profiles\\Radu/.ssh/id_rsa (0000000000000000)
debug2: key: D:\\Profiles\\Radu/.ssh/id_dsa (0000000000000000)
debug2: key: D:\\Profiles\\Radu/.ssh/id_ecdsa (0000000000000000)
debug2: key: D:\\Profiles\\Radu/.ssh/id_ed25519 (0000000000000000)
debug2: key: D:\\Profiles\\Radu/.ssh/id_xmss (0000000000000000)
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,keyboard-interactive
debug3: start over, passed a different list publickey,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:dVxv55by0snXTPld7Blukqgm4EEx3fXDH5OBQP0SdkY rh-2016
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: pkalg rsa-sha2-512 blen 277
debug2: input_userauth_pk_ok: fp SHA256:dVxv55by0snXTPld7Blukqgm4EEx3fXDH5OBQP0SdkY
debug3: sign_and_send_pubkey: RSA SHA256:dVxv55by0snXTPld7Blukqgm4EEx3fXDH5OBQP0SdkY
debug3: send packet: type 50
debug3: receive packet: type 52
debug1: Authentication succeeded (publickey).
Authenticated to 10.6.9.59 ([10.6.9.59]:22).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Requesting no-more-sessions@openssh.com
debug3: send packet: type 80
debug1: Entering interactive session.
debug1: pledge: exec
debug3: receive packet: type 80
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug3: receive packet: type 91
debug2: channel_input_open_confirmation: channel 0: callback start
debug1: No xauth program.
Warning: No xauth data; using fake authentication data for X11 forwarding.
debug1: Requesting X11 forwarding with authentication spoofing.
debug2: channel 0: request x11-req confirm 1
debug3: send packet: type 98

# The client side now appears hung
# I am killing keepass/keeagent 0.13.3, and as soon as I do it,
# the client resumes outputting the following:

debug3: unable to connect to pipe \\\\.\\pipe\\openssh-ssh-agent, error: 2
debug1: ssh_get_authentication_socket: No such file or directory
debug2: fd 3 setting TCP_NODELAY
debug2: client_session2_setup: id 0
debug1: Sending command: echo success
debug2: channel 0: request exec confirm 1
debug3: send packet: type 98
debug2: channel_input_open_confirmation: channel 0: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: X11 forwarding request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: exec request accepted on channel 0
debug2: channel 0: rcvd ext data 34
debug2: channel 0: rcvd ext data 319
debug2: channel 0: rcvd ext data 121
debug1: SELinux support disabled
debug1: permanently_set_uid: 1026/100
Environment:
  USER=radu
  LOGNAME=radu
  HOME=/home/radu
  PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
  MAIL=/var/mail/radu
  SHELL=/bin/bash
  SSH_CLIENT=10.6.9.34 54466 22
  SSH_CONNECTION=10.6.9.34 54466 10.6.9.59 22
  DISPLAY=localhost:10.0
Running /usr/bin/xauth remove unix:10.0
/usr/bin/xauth add unix:10.0 MIT-MAGIC-COOKIE-1 375cccb74c5a3c063d403c8a4ddc5970

debug2: channel 0: written 474 to efd 7

success

debug3: receive packet: type 98
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug3: receive packet: type 98
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
debug2: channel 0: rcvd eow
debug2: channel 0: close_read
debug2: channel 0: input open -> closed
debug3: receive packet: type 96
debug2: channel 0: rcvd eof
debug2: channel 0: output open -> drain
debug2: channel 0: obuf empty
debug2: channel 0: close_write
debug2: channel 0: output drain -> closed
debug3: receive packet: type 97
debug2: channel 0: rcvd close
debug3: channel 0: will not send data after close
debug2: channel 0: almost dead
debug2: channel 0: gc: notify user
debug2: channel 0: gc: user detached
debug2: channel 0: send close
debug3: send packet: type 97
 dead
ollecting

D:\Profiles\Radu>

Server side (repro hung connection)

builder-48:root [Linux] /
# /usr/sbin/sshd -ddd
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 646
debug2: parse_server_config: config /etc/ssh/sshd_config len 646
debug3: /etc/ssh/sshd_config:15 setting Protocol 2
debug3: /etc/ssh/sshd_config:33 setting SyslogFacility AUTHPRIV
debug3: /etc/ssh/sshd_config:42 setting MaxAuthTries 3
debug3: /etc/ssh/sshd_config:61 setting PasswordAuthentication no
debug3: /etc/ssh/sshd_config:65 setting ChallengeResponseAuthentication yes
debug3: /etc/ssh/sshd_config:75 setting GSSAPIAuthentication no
debug3: /etc/ssh/sshd_config:77 setting GSSAPICleanupCredentials yes
debug3: /etc/ssh/sshd_config:88 setting UsePAM no
debug3: /etc/ssh/sshd_config:99 setting UsePrivilegeSeparation no
debug3: /etc/ssh/sshd_config:102 setting AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
debug3: /etc/ssh/sshd_config:103 setting AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
debug3: /etc/ssh/sshd_config:104 setting AcceptEnv LC_IDENTIFICATION LC_ALL
debug3: /etc/ssh/sshd_config:105 setting AcceptEnv P4PORT P4CLIENT
debug3: /etc/ssh/sshd_config:109 setting X11Forwarding yes
debug3: /etc/ssh/sshd_config:110 setting X11DisplayOffset 10
debug3: /etc/ssh/sshd_config:119 setting ClientAliveInterval 118
debug3: /etc/ssh/sshd_config:120 setting ClientAliveCountMax 6
debug3: /etc/ssh/sshd_config:122 setting UseDNS no
debug3: /etc/ssh/sshd_config:132 setting Subsystem sftp internal-sftp
debug1: sshd version OpenSSH_7.2, OpenSSL 1.0.2g  1 Mar 2016
debug1: private host key #0: ssh-rsa SHA256:I1/btEHBsqIW8gbpK0PIGX/7vTvCfN8IWhYhMsr2EII
debug1: private host key #1: ssh-dss SHA256:HfFVeh8G4gpx901TJ210DVSJIQMur2yZ7VCv59VoeGo
debug1: private host key #2: ecdsa-sha2-nistp256 SHA256:aOkj/qrYdlVAfDdomudrMq2Fe6ZbPmaFusYxxHXfGBY
debug1: private host key #3: ssh-ed25519 SHA256:XcH5YOKpH5Ji2j5OuZL/cmceNWV0trYt2DT/YAltrrw
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-ddd'
debug3: oom_adjust_setup
debug1: Set /proc/self/oom_score_adj from 0 to -1000
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug2: fd 4 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 4 IPV6_V6ONLY
debug1: Bind to port 22 on ::.
Server listening on :: port 22.

# Starting ssh connection from the client

debug3: fd 5 is not O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 8 config len 646
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from 10.6.9.34 port 54466 on 10.6.9.59 port 22
debug1: Client protocol version 2.0; client software version OpenSSH_for_Windows_7.7
debug1: match: OpenSSH_for_Windows_7.7 pat OpenSSH* compat 0x04000000
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.10
debug2: fd 3 setting O_NONBLOCK
debug3: list_hostkey_types: ssh-dss key not permitted by HostkeyAlgorithms
debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_INIT
debug3: receive packet: type 30
debug3: send packet: type 31
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: send packet: type 7
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug1: KEX done
debug3: receive packet: type 5
debug3: send packet: type 6
debug3: receive packet: type 50
debug1: userauth-request for user radu service ssh-connection method none
debug1: attempt 0 failures 0
debug2: parse_server_config: config reprocess config len 646
debug3: auth_shadow_acctexpired: today 19362 sp_expire -1 days left -19363
debug3: account expiration disabled
debug2: input_userauth_request: setting up authctxt for radu
debug2: input_userauth_request: try method none
Failed none for radu from 10.6.9.34 port 54466 ssh2
debug3: userauth_finish: failure partial=0 next methods="publickey,keyboard-interactive"
debug3: send packet: type 51
debug3: receive packet: type 50
debug1: userauth-request for user radu service ssh-connection method publickey
debug1: attempt 1 failures 0
debug2: input_userauth_request: try method publickey
debug1: userauth_pubkey: test whether pkalg/pkblob are acceptable for RSA SHA256:dVxv55by0snXTPld7Blukqgm4EEx3fXDH5OBQP0SdkY
debug1: temporarily_use_uid: 1026/100 (e=0/0)
debug1: trying public key file /home/radu/.ssh/authorized_keys
debug1: fd 6 clearing O_NONBLOCK
debug1: matching key found: file /home/radu/.ssh/authorized_keys, line 1 RSA SHA256:dVxv55by0snXTPld7Blukqgm4EEx3fXDH5OBQP0SdkY
debug1: restore_uid: 0/0
debug3: send packet: type 60
debug2: userauth_pubkey: authenticated 0 pkalg rsa-sha2-512
Postponed publickey for radu from 10.6.9.34 port 54466 ssh2
debug3: receive packet: type 50
debug1: userauth-request for user radu service ssh-connection method publickey
debug1: attempt 2 failures 0
debug2: input_userauth_request: try method publickey
debug3: userauth_pubkey: have signature for RSA SHA256:dVxv55by0snXTPld7Blukqgm4EEx3fXDH5OBQP0SdkY
debug1: temporarily_use_uid: 1026/100 (e=0/0)
debug1: trying public key file /home/radu/.ssh/authorized_keys
debug1: fd 6 clearing O_NONBLOCK
debug1: matching key found: file /home/radu/.ssh/authorized_keys, line 1 RSA SHA256:dVxv55by0snXTPld7Blukqgm4EEx3fXDH5OBQP0SdkY
debug1: restore_uid: 0/0
debug2: userauth_pubkey: authenticated 1 pkalg rsa-sha2-512
Accepted publickey for radu from 10.6.9.34 port 54466 ssh2: RSA SHA256:dVxv55by0snXTPld7Blukqgm4EEx3fXDH5OBQP0SdkY
debug3: send packet: type 52
debug3: notify_hostkeys: key 0: ssh-rsa SHA256:I1/btEHBsqIW8gbpK0PIGX/7vTvCfN8IWhYhMsr2EII
debug3: notify_hostkeys: key 1: ssh-dss SHA256:HfFVeh8G4gpx901TJ210DVSJIQMur2yZ7VCv59VoeGo
debug3: notify_hostkeys: key 2: ecdsa-sha2-nistp256 SHA256:aOkj/qrYdlVAfDdomudrMq2Fe6ZbPmaFusYxxHXfGBY
debug3: notify_hostkeys: key 3: ssh-ed25519 SHA256:XcH5YOKpH5Ji2j5OuZL/cmceNWV0trYt2DT/YAltrrw
debug3: notify_hostkeys: sent 4 hostkeys
debug3: send packet: type 80
debug1: Entering interactive session for SSH2.
debug2: fd 6 setting O_NONBLOCK
debug2: fd 7 setting O_NONBLOCK
debug1: server_init_dispatch_20
debug3: receive packet: type 90
debug1: server_input_channel_open: ctype session rchan 0 win 2097152 max 32768
debug1: input_session_request
debug1: channel 0: new [server-session]
debug2: session_new: allocate (allocated 0 max 10)
debug3: session_unused: session id 0 unused
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug3: send packet: type 91
debug3: receive packet: type 80
debug1: server_input_global_request: rtype no-more-sessions@openssh.com want_reply 0
debug3: receive packet: type 98
debug1: server_input_channel_req: channel 0 request x11-req reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req x11-req
debug3: sock_set_v6only: set socket 8 IPV6_V6ONLY
debug2: fd 8 setting O_NONBLOCK
debug3: fd 8 is O_NONBLOCK
debug1: channel 1: new [X11 inet listener]
debug2: fd 9 setting O_NONBLOCK
debug3: fd 9 is O_NONBLOCK
debug1: channel 2: new [X11 inet listener]
debug3: send packet: type 99

# Client appears hung at this point
# Killing keepass/keagent 0.13.3 on the client by closing Keepass.
# As soon as I close keepass, the connection resumes and the client authenticates
# and outputs "success" as expected.
# Below is the continuation of the server side output after killing keeagent on the client side:

debug3: receive packet: type 98
debug1: server_input_channel_req: channel 0 request exec reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req exec
Starting session: command for radu from 10.6.9.34 port 54466 id 0
debug2: fd 3 setting TCP_NODELAY
debug3: ssh_packet_set_tos: set IP_TOS 0x10
debug2: fd 12 setting O_NONBLOCK
debug2: fd 11 setting O_NONBLOCK
debug2: fd 14 setting O_NONBLOCK
debug3: send packet: type 99
debug2: channel 0: read 34 from efd 14
debug2: channel 0: rwin 2097152 elen 34 euse 1
debug2: channel 0: sent ext data 34
debug2: channel 0: read 319 from efd 14
debug2: channel 0: rwin 2097118 elen 319 euse 1
debug2: channel 0: sent ext data 319
debug2: channel 0: read 121 from efd 14
debug2: channel 0: rwin 2096799 elen 121 euse 1
debug2: channel 0: sent ext data 121
debug1: Received SIGCHLD.
debug1: session_by_pid: pid 17704
debug1: session_exit_message: session 0 channel 0 pid 17704
debug2: channel 0: request exit-status confirm 0
debug3: send packet: type 98
debug1: session_exit_message: release channel 0
debug2: channel 0: write failed
debug2: channel 0: close_write
debug2: channel 0: send eow
debug3: send packet: type 98
debug2: channel 0: output open -> closed
debug2: channel 0: read<=0 rfd 12 len 0
debug2: channel 0: read failed
debug2: channel 0: close_read
debug2: channel 0: input open -> drain
debug2: channel 0: read 0 from efd 14
debug2: channel 0: closing read-efd 14
debug2: channel 0: ibuf empty
debug2: channel 0: send eof
debug3: send packet: type 96
debug2: channel 0: input drain -> closed
debug2: channel 0: send close
debug3: send packet: type 97
debug2: notify_done: reading
debug3: channel 0: will not send data after close
debug3: receive packet: type 97
debug2: channel 0: rcvd close
debug3: channel 0: will not send data after close
debug2: channel 0: is dead
debug2: channel 0: gc: notify user
debug1: session_by_channel: session 0 channel 0
debug1: session_close_by_channel: channel 0 child 0
debug1: session_close_x11: detach x11 channel 1
debug1: session_close_x11: detach x11 channel 2
Close session: user radu from 10.6.9.34 port 54466 id 0
debug3: session_unused: session id 0 unused
debug2: channel 0: gc: user detached
debug2: channel 0: is dead
debug2: channel 0: garbage collecting
debug1: channel 0: free: server-session, nchannels 3
debug3: channel 0: status: The following connections are open:
  #0 server-session (t4 r0 i3/0 o3/0 fd -1/-1 cc -1)

debug2: channel 1: zombie
debug2: channel 1: garbage collecting
debug1: channel 1: free: X11 inet listener, nchannels 2
debug3: channel 1: status: The following connections are open:

debug2: channel 2: zombie
debug2: channel 2: garbage collecting
debug1: channel 2: free: X11 inet listener, nchannels 1
debug3: channel 2: status: The following connections are open:

debug3: receive packet: type 1
Received disconnect from 10.6.9.34 port 54466:11: disconnected by user
Disconnected from 10.6.9.34 port 54466
debug1: do_cleanup
debug1: audit_event: unhandled event 12

builder-48:root [Linux] /
#

Reproducing working configuration

When KeeAgent 0.12.1 is used on the client side, and no other changes, the command "ssh -vvv -T 10.6.9.59 echo success" runs normally on the client, authenticating as expected and returning without user intervention. Here are the client-side and server-side logs, respectively, showing a normal handshake with KeeAgent 0.12.1:

Client side log (repro normal handshake):

D:\Profiles\Radu>ssh -vvv -T 10.6.9.59 echo success
OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5
debug1: Reading configuration data D:\\Profiles\\Radu/.ssh/config
debug1: D:\\Profiles\\Radu/.ssh/config line 4: Applying options for 10.6.9.59
debug1: Reading configuration data __PROGRAMDATA__\\ssh/ssh_config
debug2: resolve_canonicalize: hostname 10.6.9.59 is address
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 10.6.9.59 [10.6.9.59] port 22.
debug1: Connection established.
debug3: Failed to open file:D:/Profiles/Radu/.ssh/id_rsa error:2
debug3: Failed to open file:D:/Profiles/Radu/.ssh/id_rsa.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file D:\\Profiles\\Radu/.ssh/id_rsa type -1
debug3: Failed to open file:D:/Profiles/Radu/.ssh/id_rsa-cert error:2
debug3: Failed to open file:D:/Profiles/Radu/.ssh/id_rsa-cert.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file D:\\Profiles\\Radu/.ssh/id_rsa-cert type -1
debug3: Failed to open file:D:/Profiles/Radu/.ssh/id_dsa error:2
debug3: Failed to open file:D:/Profiles/Radu/.ssh/id_dsa.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file D:\\Profiles\\Radu/.ssh/id_dsa type -1
debug3: Failed to open file:D:/Profiles/Radu/.ssh/id_dsa-cert error:2
debug3: Failed to open file:D:/Profiles/Radu/.ssh/id_dsa-cert.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file D:\\Profiles\\Radu/.ssh/id_dsa-cert type -1
debug3: Failed to open file:D:/Profiles/Radu/.ssh/id_ecdsa error:2
debug3: Failed to open file:D:/Profiles/Radu/.ssh/id_ecdsa.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file D:\\Profiles\\Radu/.ssh/id_ecdsa type -1
debug3: Failed to open file:D:/Profiles/Radu/.ssh/id_ecdsa-cert error:2
debug3: Failed to open file:D:/Profiles/Radu/.ssh/id_ecdsa-cert.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file D:\\Profiles\\Radu/.ssh/id_ecdsa-cert type -1
debug3: Failed to open file:D:/Profiles/Radu/.ssh/id_ed25519 error:2
debug3: Failed to open file:D:/Profiles/Radu/.ssh/id_ed25519.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file D:\\Profiles\\Radu/.ssh/id_ed25519 type -1
debug3: Failed to open file:D:/Profiles/Radu/.ssh/id_ed25519-cert error:2
debug3: Failed to open file:D:/Profiles/Radu/.ssh/id_ed25519-cert.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file D:\\Profiles\\Radu/.ssh/id_ed25519-cert type -1
debug3: Failed to open file:D:/Profiles/Radu/.ssh/id_xmss error:2
debug3: Failed to open file:D:/Profiles/Radu/.ssh/id_xmss.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file D:\\Profiles\\Radu/.ssh/id_xmss type -1
debug3: Failed to open file:D:/Profiles/Radu/.ssh/id_xmss-cert error:2
debug3: Failed to open file:D:/Profiles/Radu/.ssh/id_xmss-cert.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file D:\\Profiles\\Radu/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_7.7
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.10
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.10 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 10.6.9.59:22 as 'radu'
debug3: hostkeys_foreach: reading file "D:\\Profiles\\Radu/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file D:\\Profiles\\Radu/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from 10.6.9.59
debug3: Failed to open file:D:/Profiles/Radu/.ssh/known_hosts2 error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts2 error:2
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:aOkj/qrYdlVAfDdomudrMq2Fe6ZbPmaFusYxxHXfGBY
debug3: hostkeys_foreach: reading file "D:\\Profiles\\Radu/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file D:\\Profiles\\Radu/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from 10.6.9.59
debug3: Failed to open file:D:/Profiles/Radu/.ssh/known_hosts2 error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts2 error:2
debug1: Host '10.6.9.59' is known and matches the ECDSA host key.
debug1: Found key in D:\\Profiles\\Radu/.ssh/known_hosts:1
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug2: key: rh-2016 (0000020DCC7B1180), agent
debug2: key: radu-2020 (0000020DCC7B1260), agent
debug2: key: D:\\Profiles\\Radu/.ssh/id_rsa (0000000000000000)
debug2: key: D:\\Profiles\\Radu/.ssh/id_dsa (0000000000000000)
debug2: key: D:\\Profiles\\Radu/.ssh/id_ecdsa (0000000000000000)
debug2: key: D:\\Profiles\\Radu/.ssh/id_ed25519 (0000000000000000)
debug2: key: D:\\Profiles\\Radu/.ssh/id_xmss (0000000000000000)
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,keyboard-interactive
debug3: start over, passed a different list publickey,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:dVxv55by0snXTPld7Blukqgm4EEx3fXDH5OBQP0SdkY rh-2016
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: pkalg rsa-sha2-512 blen 277
debug2: input_userauth_pk_ok: fp SHA256:dVxv55by0snXTPld7Blukqgm4EEx3fXDH5OBQP0SdkY
debug3: sign_and_send_pubkey: RSA SHA256:dVxv55by0snXTPld7Blukqgm4EEx3fXDH5OBQP0SdkY
debug3: send packet: type 50
debug3: receive packet: type 52
debug1: Authentication succeeded (publickey).
Authenticated to 10.6.9.59 ([10.6.9.59]:22).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Requesting no-more-sessions@openssh.com
debug3: send packet: type 80
debug1: Entering interactive session.
debug1: pledge: exec
debug3: receive packet: type 80
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug3: receive packet: type 91
debug2: channel_input_open_confirmation: channel 0: callback start
debug1: No xauth program.
Warning: No xauth data; using fake authentication data for X11 forwarding.
debug1: Requesting X11 forwarding with authentication spoofing.
debug2: channel 0: request x11-req confirm 1
debug3: send packet: type 98
debug1: Requesting authentication agent forwarding.
debug2: channel 0: request auth-agent-req@openssh.com confirm 0
debug3: send packet: type 98
debug2: fd 3 setting TCP_NODELAY
debug2: client_session2_setup: id 0
debug1: Sending command: echo success
debug2: channel 0: request exec confirm 1
debug3: send packet: type 98
debug2: channel_input_open_confirmation: channel 0: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: X11 forwarding request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: exec request accepted on channel 0
debug2: channel 0: rcvd ext data 34
debug2: channel 0: rcvd ext data 367
debug2: channel 0: rcvd ext data 121
debug1: SELinux support disabled
debug1: permanently_set_uid: 1026/100
Environment:
  USER=radu
  LOGNAME=radu
  HOME=/home/radu
  PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
  MAIL=/var/mail/radu
  SHELL=/bin/bash
  SSH_CLIENT=10.6.9.34 55077 22
  SSH_CONNECTION=10.6.9.34 55077 10.6.9.59 22
  DISPLAY=localhost:10.0
  SSH_AUTH_SOCK=/tmp/ssh-er7DyoJ11y/agent.18565
Running /usr/bin/xauth remove unix:10.0
/usr/bin/xauth add unix:10.0 MIT-MAGIC-COOKIE-1 e7b07bd65bf146b4da35b57b622310b6
debug2: channel 0: written 522 to efd 7
success
debug3: receive packet: type 98
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug3: receive packet: type 98
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
debug2: channel 0: rcvd eow
debug2: channel 0: close_read
debug2: channel 0: input open -> closed
debug3: receive packet: type 96
debug2: channel 0: rcvd eof
debug2: channel 0: output open -> drain
debug2: channel 0: obuf empty
debug2: channel 0: close_write
debug2: channel 0: output drain -> closed
debug3: receive packet: type 97
debug2: channel 0: rcvd close
debug3: channel 0: will not send data after close
debug2: channel 0: almost dead
debug2: channel 0: gc: notify user
debug2: channel 0: gc: user detached
debug2: channel 0: send close
debug3: send packet: type 97
 dead
ollecting

D:\Profiles\Radu>

Server-side log (repro normal handshake)

builder-48:root [Linux] /
# /usr/sbin/sshd -ddd
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 646
debug2: parse_server_config: config /etc/ssh/sshd_config len 646
debug3: /etc/ssh/sshd_config:15 setting Protocol 2
debug3: /etc/ssh/sshd_config:33 setting SyslogFacility AUTHPRIV
debug3: /etc/ssh/sshd_config:42 setting MaxAuthTries 3
debug3: /etc/ssh/sshd_config:61 setting PasswordAuthentication no
debug3: /etc/ssh/sshd_config:65 setting ChallengeResponseAuthentication yes
debug3: /etc/ssh/sshd_config:75 setting GSSAPIAuthentication no
debug3: /etc/ssh/sshd_config:77 setting GSSAPICleanupCredentials yes
debug3: /etc/ssh/sshd_config:88 setting UsePAM no
debug3: /etc/ssh/sshd_config:99 setting UsePrivilegeSeparation no
debug3: /etc/ssh/sshd_config:102 setting AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
debug3: /etc/ssh/sshd_config:103 setting AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
debug3: /etc/ssh/sshd_config:104 setting AcceptEnv LC_IDENTIFICATION LC_ALL
debug3: /etc/ssh/sshd_config:105 setting AcceptEnv P4PORT P4CLIENT
debug3: /etc/ssh/sshd_config:109 setting X11Forwarding yes
debug3: /etc/ssh/sshd_config:110 setting X11DisplayOffset 10
debug3: /etc/ssh/sshd_config:119 setting ClientAliveInterval 118
debug3: /etc/ssh/sshd_config:120 setting ClientAliveCountMax 6
debug3: /etc/ssh/sshd_config:122 setting UseDNS no
debug3: /etc/ssh/sshd_config:132 setting Subsystem sftp internal-sftp
debug1: sshd version OpenSSH_7.2, OpenSSL 1.0.2g  1 Mar 2016
debug1: private host key #0: ssh-rsa SHA256:I1/btEHBsqIW8gbpK0PIGX/7vTvCfN8IWhYhMsr2EII
debug1: private host key #1: ssh-dss SHA256:HfFVeh8G4gpx901TJ210DVSJIQMur2yZ7VCv59VoeGo
debug1: private host key #2: ecdsa-sha2-nistp256 SHA256:aOkj/qrYdlVAfDdomudrMq2Fe6ZbPmaFusYxxHXfGBY
debug1: private host key #3: ssh-ed25519 SHA256:XcH5YOKpH5Ji2j5OuZL/cmceNWV0trYt2DT/YAltrrw
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-ddd'
debug3: oom_adjust_setup
debug1: Set /proc/self/oom_score_adj from 0 to -1000
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug2: fd 4 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 4 IPV6_V6ONLY
debug1: Bind to port 22 on ::.
Server listening on :: port 22.

# Running "ssh -vvv -T 10.6.9.59 echo success" on the client now:

debug3: fd 5 is not O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 8 config len 646
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from 10.6.9.34 port 55077 on 10.6.9.59 port 22
debug1: Client protocol version 2.0; client software version OpenSSH_for_Windows_7.7
debug1: match: OpenSSH_for_Windows_7.7 pat OpenSSH* compat 0x04000000
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.10
debug2: fd 3 setting O_NONBLOCK
debug3: list_hostkey_types: ssh-dss key not permitted by HostkeyAlgorithms
debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_INIT
debug3: receive packet: type 30
debug3: send packet: type 31
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: send packet: type 7
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug1: KEX done
debug3: receive packet: type 5
debug3: send packet: type 6
debug3: receive packet: type 50
debug1: userauth-request for user radu service ssh-connection method none
debug1: attempt 0 failures 0
debug2: parse_server_config: config reprocess config len 646
debug3: auth_shadow_acctexpired: today 19362 sp_expire -1 days left -19363
debug3: account expiration disabled
debug2: input_userauth_request: setting up authctxt for radu
debug2: input_userauth_request: try method none
Failed none for radu from 10.6.9.34 port 55077 ssh2
debug3: userauth_finish: failure partial=0 next methods="publickey,keyboard-interactive"
debug3: send packet: type 51
debug3: receive packet: type 50
debug1: userauth-request for user radu service ssh-connection method publickey
debug1: attempt 1 failures 0
debug2: input_userauth_request: try method publickey
debug1: userauth_pubkey: test whether pkalg/pkblob are acceptable for RSA SHA256:dVxv55by0snXTPld7Blukqgm4EEx3fXDH5OBQP0SdkY
debug1: temporarily_use_uid: 1026/100 (e=0/0)
debug1: trying public key file /home/radu/.ssh/authorized_keys
debug1: fd 6 clearing O_NONBLOCK
debug1: matching key found: file /home/radu/.ssh/authorized_keys, line 1 RSA SHA256:dVxv55by0snXTPld7Blukqgm4EEx3fXDH5OBQP0SdkY
debug1: restore_uid: 0/0
debug3: send packet: type 60
debug2: userauth_pubkey: authenticated 0 pkalg rsa-sha2-512
Postponed publickey for radu from 10.6.9.34 port 55077 ssh2
debug3: receive packet: type 50
debug1: userauth-request for user radu service ssh-connection method publickey
debug1: attempt 2 failures 0
debug2: input_userauth_request: try method publickey
debug3: userauth_pubkey: have signature for RSA SHA256:dVxv55by0snXTPld7Blukqgm4EEx3fXDH5OBQP0SdkY
debug1: temporarily_use_uid: 1026/100 (e=0/0)
debug1: trying public key file /home/radu/.ssh/authorized_keys
debug1: fd 6 clearing O_NONBLOCK
debug1: matching key found: file /home/radu/.ssh/authorized_keys, line 1 RSA SHA256:dVxv55by0snXTPld7Blukqgm4EEx3fXDH5OBQP0SdkY
debug1: restore_uid: 0/0
debug2: userauth_pubkey: authenticated 1 pkalg rsa-sha2-512
Accepted publickey for radu from 10.6.9.34 port 55077 ssh2: RSA SHA256:dVxv55by0snXTPld7Blukqgm4EEx3fXDH5OBQP0SdkY
debug3: send packet: type 52
debug3: notify_hostkeys: key 0: ssh-rsa SHA256:I1/btEHBsqIW8gbpK0PIGX/7vTvCfN8IWhYhMsr2EII
debug3: notify_hostkeys: key 1: ssh-dss SHA256:HfFVeh8G4gpx901TJ210DVSJIQMur2yZ7VCv59VoeGo
debug3: notify_hostkeys: key 2: ecdsa-sha2-nistp256 SHA256:aOkj/qrYdlVAfDdomudrMq2Fe6ZbPmaFusYxxHXfGBY
debug3: notify_hostkeys: key 3: ssh-ed25519 SHA256:XcH5YOKpH5Ji2j5OuZL/cmceNWV0trYt2DT/YAltrrw
debug3: notify_hostkeys: sent 4 hostkeys
debug3: send packet: type 80
debug1: Entering interactive session for SSH2.
debug2: fd 6 setting O_NONBLOCK
debug2: fd 7 setting O_NONBLOCK
debug1: server_init_dispatch_20
debug3: receive packet: type 90
debug1: server_input_channel_open: ctype session rchan 0 win 2097152 max 32768
debug1: input_session_request
debug1: channel 0: new [server-session]
debug2: session_new: allocate (allocated 0 max 10)
debug3: session_unused: session id 0 unused
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug3: send packet: type 91
debug3: receive packet: type 80
debug1: server_input_global_request: rtype no-more-sessions@openssh.com want_reply 0
debug3: receive packet: type 98
debug1: server_input_channel_req: channel 0 request x11-req reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req x11-req
debug3: sock_set_v6only: set socket 8 IPV6_V6ONLY
debug2: fd 8 setting O_NONBLOCK
debug3: fd 8 is O_NONBLOCK
debug1: channel 1: new [X11 inet listener]
debug2: fd 9 setting O_NONBLOCK
debug3: fd 9 is O_NONBLOCK
debug1: channel 2: new [X11 inet listener]
debug3: send packet: type 99
debug3: receive packet: type 98
debug1: server_input_channel_req: channel 0 request auth-agent-req@openssh.com reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req auth-agent-req@openssh.com
debug1: temporarily_use_uid: 1026/100 (e=0/0)
debug1: restore_uid: 0/0
debug2: fd 10 setting O_NONBLOCK
debug3: fd 10 is O_NONBLOCK
debug1: channel 3: new [auth socket]
debug3: receive packet: type 98
debug1: server_input_channel_req: channel 0 request exec reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req exec
Starting session: command for radu from 10.6.9.34 port 55077 id 0
debug2: fd 3 setting TCP_NODELAY
debug3: ssh_packet_set_tos: set IP_TOS 0x10
debug2: fd 13 setting O_NONBLOCK
debug2: fd 12 setting O_NONBLOCK
debug2: fd 15 setting O_NONBLOCK
debug3: send packet: type 99
debug2: channel 0: read 34 from efd 15
debug2: channel 0: rwin 2097152 elen 34 euse 1
debug2: channel 0: sent ext data 34
debug2: channel 0: read 367 from efd 15
debug2: channel 0: rwin 2097118 elen 367 euse 1
debug2: channel 0: sent ext data 367
debug2: channel 0: read 121 from efd 15
debug2: channel 0: rwin 2096751 elen 121 euse 1
debug2: channel 0: sent ext data 121
debug1: Received SIGCHLD.
debug1: session_by_pid: pid 18568
debug1: session_exit_message: session 0 channel 0 pid 18568
debug2: channel 0: request exit-status confirm 0
debug3: send packet: type 98
debug1: session_exit_message: release channel 0
debug2: channel 0: write failed
debug2: channel 0: close_write
debug2: channel 0: send eow
debug3: send packet: type 98
debug2: channel 0: output open -> closed
debug2: channel 0: read<=0 rfd 13 len 0
debug2: channel 0: read failed
debug2: channel 0: close_read
debug2: channel 0: input open -> drain
debug2: channel 0: read 0 from efd 15
debug2: channel 0: closing read-efd 15
debug2: channel 0: ibuf empty
debug2: channel 0: send eof
debug3: send packet: type 96
debug2: channel 0: input drain -> closed
debug2: channel 0: send close
debug3: send packet: type 97
debug2: notify_done: reading
debug3: channel 0: will not send data after close
debug3: receive packet: type 97
debug2: channel 0: rcvd close
debug3: channel 0: will not send data after close
debug2: channel 0: is dead
debug2: channel 0: gc: notify user
debug1: session_by_channel: session 0 channel 0
debug1: session_close_by_channel: channel 0 child 0
debug1: session_close_x11: detach x11 channel 1
debug1: session_close_x11: detach x11 channel 2
Close session: user radu from 10.6.9.34 port 55077 id 0
debug3: session_unused: session id 0 unused
debug2: channel 0: gc: user detached
debug2: channel 0: is dead
debug2: channel 0: garbage collecting
debug1: channel 0: free: server-session, nchannels 4
debug3: channel 0: status: The following connections are open:
  #0 server-session (t4 r0 i3/0 o3/0 fd -1/-1 cc -1)

debug2: channel 1: zombie
debug2: channel 1: garbage collecting
debug1: channel 1: free: X11 inet listener, nchannels 3
debug3: channel 1: status: The following connections are open:

debug2: channel 2: zombie
debug2: channel 2: garbage collecting
debug1: channel 2: free: X11 inet listener, nchannels 2
debug3: channel 2: status: The following connections are open:

debug3: receive packet: type 1
Received disconnect from 10.6.9.34 port 55077:11: disconnected by user
Disconnected from 10.6.9.34 port 55077
debug1: do_cleanup
debug1: temporarily_use_uid: 1026/100 (e=0/0)
debug1: restore_uid: 0/0
debug1: audit_event: unhandled event 12

builder-48:root [Linux] /
#

Thank you for this godsend extension to Keepass, I have been relying on it for many years of flawless daily operation, without giving it much thought. "It just works" and I love it. I hope the good track record can be restored.

[dlech]

It would be helpful if you could set up a docker container with a server that triggers the error to make it easily reproducible, then we can have a look. See https://github.com/dlech/SshAgentLib/tree/master/docker for some examples.

[ciis0]

Hi,

thank you for creating and maintaining Kee Agent :)

I think I experience a issue similar, if not the same.

After some time the agent connection for Windows ssh agent breaks:

• cannot start new sessions via windows ssh
• windows ssh ssh-add -l hangs too
• still can start new sessions via putty/pageant

That putty still works suggests that this is not a server problem.

I think I experience this since quite some time, I only recently discovered that this is not Windows↔WSL port mappings breaking down but this issue.

This is a log with working agent:

debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: --%<-- RSA SHA256:--%<-- agent
debug1: Will attempt key: --%<-- RSA SHA256:--%<-- agent
debug1: Will attempt key: --%<-- RSA SHA256:--%<-- agent
debug1: Will attempt key: --%<-- RSA SHA256:--%<-- agent
debug1: Will attempt key: --%<-- RSA SHA256:--%<-- agent
debug1: Will attempt key: --%<-- RSA SHA256:--%<-- agent
debug1: Will attempt key: --%<-- RSA SHA256:--%<-- agent

This where it hangs:

debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
# after some time I abort with CTRL-C

C:\Users\...>

Versions:

KeePass	2.53 (64bit)
KeeAgent	0.13.4.0
Windows	Windows 10 Enterprise, 21H2 19044.2486
Windows SSH	OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2

[ciis0]

If I find/take the time to set up a debugging environment I'll report back.

[dlech]

closing as duplicate of #362