one host only: ssh_dispatch_run_fatal

Darren Tucker dtucker at
Tue Nov 8 13:53:05 AEDT 2016

On Tue, Nov 8, 2016 at 1:02 PM, Harry Putnam <reader at> wrote:
> gv harry> ssh -vv 2x
> OpenSSH_7.3p1-hpn14v11, OpenSSL 1.0.2j  26 Sep 2016

This is a third-party modified version of OpenSSH.  Can you reproduce
the problem with a stock OpenSSH from the source from

> debug1: match: OpenSSH_6.6 pat OpenSSH_6.5*,OpenSSH_6.6* compat 0x14000000

OpenSSH 6.6 has a bug in curve25519-sha256 at, which is the
kex method later selected.

Quoting the 6.7 release notes:
 * OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections
   using the curve25519-sha256 at KEX exchange method to fail
   when connecting with something that implements the specification
   correctly. OpenSSH 6.7 disables this KEX method when speaking to
   one of the affected versions.

> debug1: kex: host key algorithm: ssh-ed25519
> debug1: Found key in /home/harry/.ssh/known_hosts:2
> debug2: bits set: 4134/8192
> debug2: ssh_ed25519_verify: crypto_sign_ed25519_open failed: -1
> ssh_dispatch_run_fatal: Connection to port 22: incorrect signature

Maybe the same bug also affects ed25519 as a host key algorithm?  If
so, setting HostKeyAlgorithms in ssh_config on the client to something
that doesn't include ssh-ed25519 might help.

Darren Tucker (dtucker at
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860  37F4 9357 ECEF 11EA A6FA (new)
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

More information about the openssh-unix-dev mailing list
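
Added example, not part of the original message or of OpenSSH: a Python triage of `ssh -vv` output for the failure discussed above. It flags an OpenSSH 6.5/6.6 peer combined with a curve25519/ed25519 negotiation and an "incorrect signature" abort, then builds a client ssh_config stanza along the lines suggested in the message. The sample log (including its `kex: algorithm` line), the function names, and the assumption that the server also offers an ECDSA or RSA host key are constructed for illustration.

```python
import re

# Constructed sample modelled on the `ssh -vv` lines quoted in the message;
# the "kex: algorithm" line is constructed and is not quoted in the thread.
SAMPLE_DEBUG = """\
> debug1: match: OpenSSH_6.6 pat OpenSSH_6.5*,OpenSSH_6.6* compat 0x14000000
> debug1: kex: algorithm: curve25519-sha256@libssh.org
> debug1: kex: host key algorithm: ssh-ed25519
> debug2: ssh_ed25519_verify: crypto_sign_ed25519_open failed: -1
> ssh_dispatch_run_fatal: Connection to port 22: incorrect signature
"""

PATTERNS = {
    "peer": re.compile(r"debug1: match: (OpenSSH_\S+) pat "),
    "kex": re.compile(r"debug1: kex: algorithm: (\S+)"),
    "hostkey": re.compile(r"debug1: kex: host key algorithm: (\S+)"),
    "fatal": re.compile(r"ssh_dispatch_run_fatal: .*: (.+)$"),
}
AFFECTED_PEER = re.compile(r"OpenSSH_6\.[56](?!\d)")  # 6.5 / 6.6, per the 6.7 notes


def triage(debug_text):
    """Pull peer version, negotiated algorithms and fatal error out of ssh -vv output."""
    found = dict.fromkeys(PATTERNS)
    for line in debug_text.splitlines():
        line = line.lstrip("> ")  # accept lines pasted from a quoted e-mail
        for key, rx in PATTERNS.items():
            m = rx.match(line)
            if m:
                found[key] = m.group(1)
    found["affected_peer"] = bool(AFFECTED_PEER.match(found["peer"] or ""))
    uses_25519 = ((found["kex"] or "").startswith("curve25519-sha256")
                  or found["hostkey"] == "ssh-ed25519")
    found["suspect"] = (found["affected_peer"] and uses_25519
                        and found["fatal"] == "incorrect signature")
    return found


def workaround_stanza(host_alias, result):
    """Client ssh_config stanza that keeps ssh-ed25519 out of HostKeyAlgorithms."""
    if not result["suspect"]:
        return ""
    # Assumption: the server also offers an ECDSA or RSA host key.
    return (f"Host {host_alias}\n"
            "    HostKeyAlgorithms ecdsa-sha2-nistp256,ssh-rsa\n")


if __name__ == "__main__":
    print(workaround_stanza("2x", triage(SAMPLE_DEBUG)))
```

The explicit algorithm list is used because the stanza only needs to leave ssh-ed25519 out; adjust it to the host key types the server actually has.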