I reported this a while back: https://www.mail-archive.com/dropbear%40ucc.asn.au/msg01287.html
and finally got the time to do a git bisect over a clone of
https://github.com/mkj/dropbear which yielded:

61cecbb3371839a824ff536338471d4b888aacf6 is the first bad commit
commit 61cecbb3371839a824ff536338471d4b888aacf6
Author: Matt Johnston <[email protected]>
Date:   Fri Jan 17 21:39:27 2014 +0800

    DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default

in a nutshell...

using dropbear before that commit, i can happily use the ssh client (dbclient) in my openwrt router, to connect to a remote host, using a pubkey located in my laptop, through ssh agent forwarding

i.e. [debian7]-->[openwrtA]-->[openwrtB]

my pubkey is in debian7, dbclient 2013.62 is in openwrtA and i can ssh from debian7 into openwrtA, then do another ssh from openwrtA to openwrtB, without issues. The agent connection is forwarded correctly from debian7 to openwrtB by openwrtA's dbclient 2013.62 for auth purposes.

since commit 61cecbb33, this no longer works as expected. dbclient hangs forever when trying to connect.

i'm about to try "hotfix" it in my openwrt build, disabling CLI_IMMEDIATE_AUTH as suggested in:

/* Send a real auth request immediately after sending a query for the available methods.
 * It saves a network round trip at login.
 * If problems are encountered it can be disabled here. */
#define CLI_IMMEDIATE_AUTH

but, what would be the side-effects of disabling this? (or: what's the idea behind CLI_IMMEDIATE_AUTH?)

maybe it was not "fixed" enough at the time it was committed / enabled by default? ;)

(as it stands now, the regression is still present in latest release)

thanks a lot for any pointers, with much respect for all your work,

cheers!

gui

=================================================================
successful log, using dbclient compiled from git aee1309c9:

gui@debian7:~ $ ssh openwrtA -vv -A
[...]
BusyBox v1.22.1 (2015-04-26 16:13:38 ART) built-in shell (ash)
Enter 'help' for a list of built-in commands.

root@openwrtA:~# ssh openwrtB
debug1: client_input_channel_open: ctype [email protected] rchan 1 win 24576 max 32768
debug2: fd 9 setting O_NONBLOCK
debug1: channel 3: new [authentication agent connection]
debug1: confirm [email protected]
debug2: channel 3: rcvd eof
debug2: channel 3: output open -> drain
debug2: channel 3: obuf empty
debug2: channel 3: close_write
debug2: channel 3: output drain -> closed
debug1: channel 3: FORCE input drain
debug2: channel 3: ibuf empty
debug2: channel 3: send eof
debug2: channel 3: input drain -> closed
debug2: channel 3: rcvd close
debug2: channel 3: send close
debug2: channel 3: is dead
debug2: channel 3: garbage collecting
debug1: channel 3: free: authentication agent connection, nchannels 4

BusyBox v1.22.1 (2015-04-26 16:13:38 ART) built-in shell (ash)
Enter 'help' for a list of built-in commands.

root@openwrtB:~#

============================================================
unsuccessful log, using dbclient compiled from git 61cecbb33:

gui@debian7:~ $ ssh openwrtA -vv -A
[...]
BusyBox v1.22.1 (2015-04-26 16:13:38 ART) built-in shell (ash)
Enter 'help' for a list of built-in commands.

root@openwrtA:~# ssh openwrtB
debug1: client_input_channel_open: ctype [email protected] rchan 1 win 24576 max 32768
debug2: fd 9 setting O_NONBLOCK
debug1: channel 3: new [authentication agent connection]
debug1: confirm [email protected]
[hangs forever]
============================================================
