Reverse shell with tcpserver

I've got an ssh server that is v2 only

on it I run
ssh2srv % tcpserver -v 127.0.0.1 9999 srvrc

srvrc is
#!/usr/local/plan9/bin/rc
/usr/local/plan9/bin/rc <>[2=1]

on a local Lunix box I run
ssh2client % ssh -N -L 192.168.9.2:5999:localhost:9999 ssh2only

then finally on plan9 I run
p9 % srv tcp!192.168.9.2!5999 rc
p9 % con -C /srv/rc

and I get

post...
%

and I have my prompt.