Unexpected public key authentication failure on arcfour cipher server change
I am tightening up security on our server product by removing the three arcfour ciphers (arcfour, arcfour128, and arcfour256). When I did this, SecureCRT started throwing an error when I log in, saying: 'Public Key Authentication Failed: Public-key authentication with the server for user root failed. Please verify username and public/private key pair.'
Given that I am not using public key authentication (although it is enabled, listed second in preference after password authentication, which is what I am using) I am surprised to see this. It logs in OK when I "skip" the dialog. If I disable public key authentication it works. If I add my SecureCRT public key to .ssh/authorized_keys it works. What does this have to do with my arcfour change?
I tried deleting the host key to no effect. I am less interested in solving this problem than I am in understanding it, because if I get the error, a customer may potentially have issues or annoyances, and I don't want that. However, solving the problem might help me assess whether to introduce this change or not.
I am using OpenSUSE 13.1 openssh-6.2p2-3.7.1 on the server side. If I use OpenSSH_7.2p2 (OpenSSL 1.0.2g) or PuTTY 0.67 on the client side, I see no issues. I am using SecureCRT 8.0.1.
My OpenSSH sshd_config configuration includes:
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc
(I am aware that the CBC ones are insecure.)
Thanks!
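As an added example (not part of the original post, and not code from OpenSSH or SecureCRT), the following Python script parses the Ciphers directive out of an sshd_config, flags the arcfour and CBC entries the question mentions, and applies the SSH cipher-negotiation rule from RFC 4253 (the chosen cipher is the first one in the client's list that the server also offers) so you can see which client preference lists still negotiate after the change. The two config excerpts and the client lists are constructed for this example; the weak-cipher patterns are this example's own choice, not a list taken from OpenSSH.

```python
import re

# Constructed "before" excerpt: the poster's Ciphers line with the three
# arcfour ciphers still present, as they were before the tightening.
SSHD_CONFIG_BEFORE = """\
# constructed sshd_config excerpt (before removing arcfour)
Port 22
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,arcfour128,arcfour256
MACs hmac-sha2-256,hmac-sha2-512
"""

# Constructed "after" excerpt: the Ciphers line exactly as quoted in the question.
SSHD_CONFIG_AFTER = """\
# constructed sshd_config excerpt (after removing arcfour)
Port 22
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc
MACs hmac-sha2-256,hmac-sha2-512
"""

# Ciphers a hardening pass should reject. These patterns are an assumption
# made for this example, not a list published by OpenSSH.
WEAK_CIPHER_PATTERNS = [
    (re.compile(r"^arcfour(128|256)?$"), "RC4 stream cipher"),
    (re.compile(r".*-cbc$"), "CBC mode (plaintext-recovery attacks)"),
]


def parse_ciphers(config_text):
    """Return the Ciphers name-list from sshd_config text as a Python list.

    sshd uses the first value it sees for a keyword that appears more than
    once, so the first Ciphers line wins here too. Returns [] if absent.
    """
    for line in config_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        # sshd accepts "Keyword value" and "Keyword=value"; keywords are case-insensitive.
        m = re.match(r"(?i)^ciphers[\s=]+(.+)$", stripped)
        if m:
            return [c.strip() for c in m.group(1).split(",") if c.strip()]
    return []


def classify_ciphers(ciphers):
    """Split a cipher list into (kept, rejected).

    rejected is a list of (name, reason) tuples; order of kept is preserved.
    """
    kept, rejected = [], []
    for name in ciphers:
        for pattern, reason in WEAK_CIPHER_PATTERNS:
            if pattern.match(name):
                rejected.append((name, reason))
                break
        else:
            kept.append(name)
    return kept, rejected


def hardened_ciphers_line(config_text):
    """Build a replacement Ciphers directive with only the kept ciphers, in the original order."""
    kept, _ = classify_ciphers(parse_ciphers(config_text))
    return "Ciphers " + ",".join(kept)


def negotiated_cipher(client_prefs, server_prefs):
    """RFC 4253 section 7.1: the chosen algorithm is the first entry in the
    client's list that also appears in the server's list. None means the
    key exchange fails with no common cipher."""
    server = set(server_prefs)
    for name in client_prefs:
        if name in server:
            return name
    return None


if __name__ == "__main__":
    for label, cfg in (("before", SSHD_CONFIG_BEFORE), ("after", SSHD_CONFIG_AFTER)):
        kept, rejected = classify_ciphers(parse_ciphers(cfg))
        print(f"[{label}] kept {len(kept)}, rejected {len(rejected)}")
        for name, reason in rejected:
            print(f"  reject {name}: {reason}")
    print(hardened_ciphers_line(SSHD_CONFIG_AFTER))
    # Constructed client preference lists to show who still negotiates.
    server_after = parse_ciphers(SSHD_CONFIG_AFTER)
    print(negotiated_cipher(["arcfour256", "aes128-ctr"], server_after))  # aes128-ctr
    print(negotiated_cipher(["arcfour", "arcfour128"], server_after))     # None
```

Running it against the "after" excerpt lists the six CBC ciphers as rejected and prints a Ciphers line with only the CTR and GCM entries; the negotiation helper is the quick way to check whether a client that still leads with arcfour has any fallback left on your server.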