I'm running into a bizarre error with SSH to a Sonicwall device which I'm unable to resolve. The issue only seems to occur with OS X (10.11)'s built-in SSH. I can successfully ssh to the firewall from various other devices except OS X.

The error I'm seeing is: ssh_dispatch_run_fatal: Connection to x.x.x.x port 22: key type does not match

Trying to wrap my head around this but not having any luck. Here is the output when using -vvv.

OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to hostname [x.x.x.x] port 22.
debug1: Connection established.
debug1: identity file /Users/hjlinde/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/hjlinde/.ssh/id_rsa-cert type -1
debug1: identity file /Users/hjlinde/.ssh/id_dsa type 2
debug1: key_load_public: No such file or directory
debug1: identity file /Users/hjlinde/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/hjlinde/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/hjlinde/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/hjlinde/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/hjlinde/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2 PKIX
debug1: match: OpenSSH_6.2 PKIX pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to hostname:22 as 'username'
debug3: hostkeys_foreach: reading file "/Users/hjlinde/.ssh/known_hosts"
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit: des,3des,3des-cbc,arcfour
debug2: kex_parse_kexinit: des,3des,3des-cbc,arcfour
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug1: kex: server->client 3des-cbc hmac-sha1 none
debug1: kex: client->server 3des-cbc hmac-sha1 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<7680<8192) sent
debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
debug2: bits set: 509/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: got SSH2_MSG_KEX_DH_GEX_REPLY
ssh_dispatch_run_fatal: Connection to x.x.x.x: key type does not match

I've tried to use brew to install a newer version of ssh, version OpenSSH_7.2p2. But no luck with that either.

Anyone able to explain to me what is going wrong here?

Jakuje
hjlinde
  • Looks like a buggy server. Can you connect to different servers? For example, authenticate against github, if you have your pubkey there? – Jakuje Mar 25 '16 at 18:46
  • I certainly can connect to other hosts with OS X. The issue is entirely related to OS X, it seems. If I use my Linux host I can ssh fine to the sonicwall, the same with using PuTTY on Windows and Prompt on iOS; all of those connect perfectly fine to the sonicwall except OS X. Even a fresh install of OS X won't work. – hjlinde Mar 25 '16 at 19:06
  • I've been comparing debug output from both Ubuntu and OS X. Essentially comparing a working ssh to the broken ssh output, but sadly I'm no closer to an answer, just not seeing where it's going wrong :( – hjlinde Mar 26 '16 at 14:30

1 Answer

It turns out that this is indeed buggy firmware on the Sonicwall. Be advised, if you run 6.2.2.2-19n, that the issue pertains specifically to this version. Upgrading to 6.2.5.1 resolved this problem.

hjlinde
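Added example, not part of the original posts: replaying the algorithm negotiation from the `kex_parse_kexinit` lines of the question's `-vvv` output shows which host key type the client expects after KEXINIT; OpenSSH raises "key type does not match" when the host key in the server's reply is of a different type than the one negotiated. Assumptions: the OpenSSH 6.9 layout of 12 `kex_parse_kexinit` lines per side with the client's own proposal printed first, first-match selection as a simplification of RFC 4253 section 7.1, and the `WEAK` set, which is this example's own choice.

```python
import re

FIELDS = ["kex", "hostkey", "cipher_c2s", "cipher_s2c", "mac_c2s", "mac_s2c"]
# Assumption of this example: a short list of algorithms treated as legacy.
WEAK = {"diffie-hellman-group1-sha1", "des", "3des", "3des-cbc", "arcfour", "hmac-md5"}
# Sample input: the kex_parse_kexinit lines from the question's -vvv output.
LOG = """\
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit: des,3des,3des-cbc,arcfour
debug2: kex_parse_kexinit: des,3des,3des-cbc,arcfour
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
"""

def proposals(log):
    """Return (client, server) name-lists parsed from `ssh -vvv` output."""
    vals = [m.group(1).strip() for m in
            re.finditer(r"^debug2: kex_parse_kexinit:(.*)$", log, re.M)]
    if len(vals) != 24:  # 12 lines per side: 10 name-lists plus 2 flags
        raise ValueError(f"expected 24 kex_parse_kexinit lines, got {len(vals)}")
    to_dict = lambda v: dict(zip(FIELDS, (x.split(",") for x in v)))
    return to_dict(vals[:12]), to_dict(vals[12:])  # client prints its own first

def negotiate(client, server):
    """First client preference the server also lists (RFC 4253 7.1, simplified)."""
    return {f: next((a for a in client[f] if a in server[f]), None) for f in FIELDS}

def weak(chosen):
    """Negotiated algorithms that appear in the WEAK set."""
    return sorted({a for a in chosen.values() if a in WEAK})
```

For this log, `negotiate(*proposals(LOG))` selects `ecdsa-sha2-nistp256` as the host key algorithm and `3des-cbc` with `hmac-sha1`, the latter matching the `debug1: kex:` lines in the question.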