Created attachment 2145 [details] Patch implementing a new SendVersionFirst option. The current behavior of the OpenSSH client is to wait for the server to send its version string before sending the client version. This allows the client to work around problems in several old versions of various SSH server software. When configured to speak only protocol version 2, these workarounds are of much less value. Also, the "wait for server version" behavior causes a long delay -- up to 30 seconds -- when communicating through certain proxies which try to guess the protocol in use before punching the connection through to the requested server. Particularly stupidly configured proxies may even drop the connection if they never see the client version string from our end. Such proxies are unquestionably broken but they are also painfully common. The attached patch adds an option "SendVersionFirst" which, if we are speaking v2, inverts the old behavior and sends our client version string first, rather than waiting for the server to send its string. I have defaulted it to enabled. This makes OpenSSH behave much more like most other clients when configured for v2 only and I haven't seen it cause problems with any of a wide variety of servers. The option can always be disabled if a problem does arise.
Created attachment 2175 [details] Refactor, always send client banner first for protocol=2 I don't think we need an option here - this is a good optimisation and we should do it whenever possible.
Patch applied - this missed the cut for openssh-6.1, but will be in 6.2. Thanks.
mark bugs closed by openssh-6.2 release as CLOSED