- Liza Alenchery mentioned a problem with re-used SCP connection when a bad

auth is used, as it caused a crash. I failed to repeat the issue, but still
  made a change that now forces the TCP connection used for a freed SCP
  session to get closed and not be re-used.

CHANGES

@@ -7,6 +7,11 @@
                                   Changelog
 
 Daniel Stenberg (30 Oct 2009)
+- Liza Alenchery mentioned a problem with re-used SCP connection when a bad
+  auth is used, as it caused a crash. I failed to repeat the issue, but still
+  made a change that now forces the TCP connection used for a freed SCP
+  session to get closed and not be re-used.
+
 - "Tom" posted a bug report that mentioned how libcurl did wrong when doing a
   POST using a read callback, with Digest authentication and
   "Transfer-Encoding: chunked" enforced.  I would then cause the first request

RELEASE-NOTES

@@ -43,6 +43,7 @@ This release includes the following bugfixes:
  o use pkg-config to find out libssh2 installation details in configure
  o unparsable cookie expire dates make cookies get treated as session coookies
  o POST with Digest authentication and "Transfer-Encoding: chunked"
+ o SCP connection re-use with wrong auth
 
 This release includes the following known bugs:
 
@@ -55,6 +56,7 @@ advice from friends like these:
  Michal Marek, Eric Wong, Guenter Knauf, Peter Sylvester, Daniel Johnson,
  Claes Jakobsson, Sven Anders, Chris Mumford, John P. McCaskey,
  Constantine Sapuntzakis, Michael Stillwell, Tom Mueller, Dan Fandrich,
- Kevin Baughman, John Dennis, Ray Dassen, Johan van Selst, Dima Barsky
+ Kevin Baughman, John Dennis, Ray Dassen, Johan van Selst, Dima Barsky,
+ Liza Alenchery
 
         Thanks! (and sorry if I forgot to mention someone)

lib/ssh.c

@@ -2221,6 +2221,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
       }
       sshc->ssh_session = NULL;
     }
+    conn->bits.close = TRUE;
     sshc->nextstate = SSH_NO_STATE;
     state(conn, SSH_STOP);
     result = sshc->actualcode;