I used libssh to develop a Git SSH server that provides Git Over SSH support for users. Some people use Git clients to use Putty to access remote SSH servers. When I upgraded our server-dependent libssh to 0.9.1, these users couldn't connect to our SSH server no matter what form of ssh public key they used.
Our server will load the following SSH keys in order:
Usually during the KEX phase, the SSH Server will report an error with the error:
>ssh_handle_key_exchange error: Could not sign the session id
By modifying libssh to track errors, the final output is:
>digital envelope routines:update:only oneshot supported
This error is returned by //**EVP_DigestSignUpdate**// and the corresponding code is: https://gitlab.com/libssh/libssh-mirror/blob/master/src/pki_crypto.c#L2183
When I delete the ssh_host_ed25519_key in the configuration file, putty can correctly establish a connection with the SSH server.
Libssh 0.8.7/0.9.0 has no such errors.
Regardless of whether the SSH server uses the ED25519 host key, OpenSSH can be accessed normally. Once the SSH server uses the ED25519 host key, Putty cannot negotiate with the server regardless of which type of key is used. Delete ed25519 and everything works fine.