diff --git a/CHANGES b/CHANGES
index 78717b366..1ab15dc73 100644
--- a/CHANGES
+++ b/CHANGES
@@ -7,6 +7,11 @@
                                   Changelog
 
 Daniel Stenberg (30 Oct 2009)
+- Liza Alenchery mentioned a problem with re-used SCP connection when a bad
+  auth is used, as it caused a crash. I failed to repeat the issue, but still
+  made a change that now forces the TCP connection used for a freed SCP
+  session to get closed and not be re-used.
+
 - "Tom" posted a bug report that mentioned how libcurl did wrong when doing a
   POST using a read callback, with Digest authentication and
   "Transfer-Encoding: chunked" enforced.  I would then cause the first request
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 10ca00db8..2e3817003 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -43,6 +43,7 @@ This release includes the following bugfixes:
  o use pkg-config to find out libssh2 installation details in configure
  o unparsable cookie expire dates make cookies get treated as session coookies
  o POST with Digest authentication and "Transfer-Encoding: chunked"
+ o SCP connection re-use with wrong auth
 
 This release includes the following known bugs:
 
@@ -55,6 +56,7 @@ advice from friends like these:
  Michal Marek, Eric Wong, Guenter Knauf, Peter Sylvester, Daniel Johnson,
  Claes Jakobsson, Sven Anders, Chris Mumford, John P. McCaskey,
  Constantine Sapuntzakis, Michael Stillwell, Tom Mueller, Dan Fandrich,
- Kevin Baughman, John Dennis, Ray Dassen, Johan van Selst, Dima Barsky
+ Kevin Baughman, John Dennis, Ray Dassen, Johan van Selst, Dima Barsky,
+ Liza Alenchery
 
         Thanks! (and sorry if I forgot to mention someone)
diff --git a/lib/ssh.c b/lib/ssh.c
index eaaa8e69a..0d7f60ee4 100644
--- a/lib/ssh.c
+++ b/lib/ssh.c
@@ -2221,6 +2221,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
       }
       sshc->ssh_session = NULL;
     }
+    conn->bits.close = TRUE;
     sshc->nextstate = SSH_NO_STATE;
     state(conn, SSH_STOP);
     result = sshc->actualcode;