The patch between OpenSSH 6.6_p1 and 6.6.1_p1 was pasted from Damien's announcement mail at https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-April/032494.html. The Pipermail application from which the patch was pasted does replace "@" signs with " at ". One of these replaced @'s was located inside the code (as "curve25519-sha256@libssh.org"). OpenSSH 6.6.1 is supposed to disable the curve25519 key exchange algorithm when connecting to older, buggy ssh instances, but this fails on Gentoo because our mis-patched version looks for "curve25519-sha256 at libssh.org" instead of "curve25519-sha256@libssh.org". Please do a $ sed -i -e 's/ at /@/' files/openssh-6.6.1_p1.patch .
+*openssh-6.6.1_p1-r1 (04 Aug 2014) + + 04 Aug 2014; Lars Wendler <polynomial-c@gentoo.org> -openssh-6.6.1_p1.ebuild, + +openssh-6.6.1_p1-r1.ebuild, files/openssh-6.6.1_p1.patch: + Fixed mistakenly replaced @ char. Thanks to Luis Ressel for reporting this in + bug #519076. +
The -r2 update to this broke things *completely* FYI. Logging in to a server that forces curve22519, chacha20-poly1395 and umac-128 isn’t possible anymore. So whatever you did… please fix your fix. :)
P.S.: Even worse: SSH flooded my RAM and was killed by the kernel’s OOM handler. So it could even be a kind of buffer overflow with security implications. All is in flames…
(In reply to Navid Zamani from comment #2) new problem -> new bug