If you do this: > $ SSH_AUTH_SOCK= ssh foo@bar Then ssh will try to connect to an agent at address "\0\0\0\0....", which is a perfectly legal abstract socket address on Linux. This was discovered by the fact that irqbalance 1.5.0 happens to listen to that address: https://github.com/Irqbalance/irqbalance/issues/85 The end result is that ssh hangs as it tries to talk to irqbalance, believing it is an SSH agent. This is a very confusing behaviour and I would have expected an empty $SSH_AUTH_SOCK to be treated the same as if it was not set at all.
The following patch should take care of this: diff --git a/authfd.c b/authfd.c index ecdd869a..972f1b5f 100644 --- a/authfd.c +++ b/authfd.c @@ -94,7 +94,7 @@ ssh_get_authentication_socket(int *fdp) *fdp = -1; authsocket = getenv(SSH_AUTHSOCKET_ENV_NAME); - if (!authsocket) + if (!authsocket || authsocket[0] == '\0') return SSH_ERR_AGENT_NOT_PRESENT; memset(&sunaddr, 0, sizeof(sunaddr));
Fix committed - this will be in OpenSSH 8.0
closing resolved bugs as of 8.6p1 release
[spam removed]