Running into a weird issue with Ed25519 keys and hoping someone here has seen this before.
SETUP
I'm using KeePassXC to manage SSH keys and launch SecureCRT sessions via a cmd:// URL. The flow is: KeePassXC unlocks → injects the private key into the Windows OpenSSH Agent → SecureCRT reads the key from the agent and authenticates. VANDYKE_SSH_AUTH_SOCK is set to \.\pipe\openssh-ssh-agent.
THE WEIRD PART
Everything works perfectly with RSA 4096 keys — both against Ubuntu servers and MikroTik routers. But with Ed25519 keys, it only fails against MikroTik. Same Ed25519 key against Ubuntu: works fine. Same Ed25519 key directly from the Windows SSH CLI (ssh -i): also works fine against MikroTik.
So it's specifically: Ed25519 + SecureCRT (launched from KeePassXC) + MikroTik = fails.
I tried generating the Ed25519 key with -Z aes256-cbc and also with no passphrase (-N ""). Same result either way.
The key is correctly loaded in the agent (ssh-add -l shows it), and it's correctly imported in MikroTik (/user ssh-keys). MikroTik SSH logs show nothing when the failed attempt happens — it's like the connection just drops silently.
MY GUESS
It might be something in how SecureCRT negotiates the key algorithm with RouterOS when pulling the key from an external agent — maybe it's not advertising Ed25519 properly, or RouterOS is pickier about the signature algorithm format. But I'm not sure.
Have you tried to just echo the line to some log.txt file, so you can see that the parameters are correct, and not any illegal characters something like this.
I have just received a response from VanDyke. This turns out to be a known bug affecting SecureCRT, which has already been fixed in the upcoming version of the application (9.8.0.3876).
I have verified that it works correctly using the pre-release build provided by their support team.
Thank you very much for your assistance on this matter.
