Bug
Resolution: Unresolved
Minor
PR link for fix: https://github.com/jenkinsci/trilead-ssh2/pull/250
Originally detected by a libssh user here: https://gitlab.com/libssh/libssh-mirror/-/issues/311 (trilead ssh2 client used against a libssh server)
The authentication code sent 'ssh-userauth' SSH_MSG_SERVICE_REQUEST followed by 'ssh-connection' SSH_MSG_USERAUTH_REQUEST before waiting for responses to both of these requests (https://github.com/jenkinsci/trilead-ssh2/blob/34c8e6535725e81b20045fec14ccc1cc065cc3a7/src/com/trilead/ssh2/auth/AuthenticationManager.java#L141).

    PacketServiceRequest sr = new PacketServiceRequest("ssh-userauth");
    tm.sendMessage(sr.getPayload());
    PacketUserauthRequestNone urn = new PacketUserauthRequestNone("ssh-connection", user);
    tm.sendMessage(urn.getPayload());
    byte[] msg = getNextMessage();
    new PacketServiceAccept(msg, 0, msg.length);
    msg = getNextMessage();

This seems to be a violation of the protocol which mentions (quoting the protocol RFC 4253 Section 8 "Service Request"):
"Note that after a key exchange with implicit server authentication, the client MUST wait for response to its service request message before sending any further data."
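
The ordering rule quoted above, as an added example that is not part of the original report or of trilead-ssh2: a small Java check that flags client packets sent between SSH_MSG_SERVICE_REQUEST and SSH_MSG_SERVICE_ACCEPT in a packet trace. The `Packet` class, the trace model and both sample traces are constructed for illustration, and the trace is assumed to start right after key exchange; the message numbers are the ones assigned in RFC 4253 and RFC 4252.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

/** Added example, not trilead-ssh2 code: checks a trace against the quoted RFC 4253 rule. */
public class ServiceRequestOrderCheck {
    // Message numbers assigned in RFC 4253 (5, 6) and RFC 4252 (50).
    static final int SSH_MSG_SERVICE_REQUEST = 5;
    static final int SSH_MSG_SERVICE_ACCEPT = 6;
    static final int SSH_MSG_USERAUTH_REQUEST = 50;
    static final char CLIENT = 'C', SERVER = 'S';

    /** One observed packet: sender and message number (hypothetical trace model). */
    static final class Packet {
        final char sender; final int type;
        Packet(char sender, int type) { this.sender = sender; this.type = type; }
    }

    /** Returns indexes of client packets sent while a service request was still unanswered. */
    static List<Integer> findEarlySends(List<Packet> trace) {
        List<Integer> violations = new ArrayList<>();
        boolean awaitingAccept = false;
        for (int i = 0; i < trace.size(); i++) {
            Packet p = trace.get(i);
            if (p.sender == CLIENT) {
                if (awaitingAccept) violations.add(i);   // sent before the server answered
                if (p.type == SSH_MSG_SERVICE_REQUEST) awaitingAccept = true;
            } else if (p.type == SSH_MSG_SERVICE_ACCEPT) {
                awaitingAccept = false;                  // client may continue from here
            }
        }
        return violations;
    }

    public static void main(String[] args) {
        // Constructed trace in the order of the snippet above: two sends, then the reads.
        List<Packet> pipelined = Arrays.asList(
            new Packet(CLIENT, SSH_MSG_SERVICE_REQUEST),
            new Packet(CLIENT, SSH_MSG_USERAUTH_REQUEST),
            new Packet(SERVER, SSH_MSG_SERVICE_ACCEPT));
        // Constructed trace where the client waits for the accept before authenticating.
        List<Packet> sequential = Arrays.asList(
            new Packet(CLIENT, SSH_MSG_SERVICE_REQUEST),
            new Packet(SERVER, SSH_MSG_SERVICE_ACCEPT),
            new Packet(CLIENT, SSH_MSG_USERAUTH_REQUEST));
        System.out.println("pipelined violations at:  " + findEarlySends(pipelined));
        System.out.println("sequential violations at: " + findEarlySends(sequential));
    }
}
```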