I wrote:
Ok, this bit definitely sounds like a server side bug, unless perhaps there is some buffering taking place in ssh or nc causing the errore reply packet to not be send back promptly
I'll try to get some better traces of what's going on here.
The error is getting back to the client. On the client, remoteAuthenticate does fail and return -1. The client then ends up blocked in the waitpid at remote_internal.c:877: 865 failed: 866 /* Close the socket if we failed. */ 867 if (priv->sock >= 0) { 868 if (priv->uses_tls && priv->session) { 869 gnutls_bye (priv->session, GNUTLS_SHUT_RDWR); 870 gnutls_deinit (priv->session); 871 } 872 close (priv->sock); 873 #ifndef WIN32 874 if (priv->pid > 0) { 875 pid_t reap; 876 do { 877 reap = waitpid(priv->pid, NULL, 0); 878 if (reap == -1 && errno == EINTR) 879 continue; 880 } while (reap != -1 && reap != priv->pid); 881 } 882 #endif 883 } Nothing gets printed up until this point, which is why there's no output. I guess the client is waiting for SSH to die, which isn't happening for some reason. That must be a bug on the server side, although the client should also probably be more robust in this case.. -jim