diff --git a/helper/ssh/key_pair.go b/helper/ssh/key_pair.go
index 4a4f12e00..830d374cd 100644
--- a/helper/ssh/key_pair.go
+++ b/helper/ssh/key_pair.go
@@ -128,9 +128,9 @@ func (o *defaultKeyPairBuilder) newEcdsaKeyPair() (KeyPair, error) {
 	case 521:
 		curve = elliptic.P521()
 	case 384:
-		elliptic.P384()
+		curve = elliptic.P384()
 	case 256:
-		elliptic.P256()
+		curve = elliptic.P256()
 	case 224:
 		// Not supported by "golang.org/x/crypto/ssh".
 		return &defaultKeyPair{}, errors.New("golang.org/x/crypto/ssh does not support " +
diff --git a/helper/ssh/key_pair_test.go b/helper/ssh/key_pair_test.go
index 783fab735..808e98e02 100644
--- a/helper/ssh/key_pair_test.go
+++ b/helper/ssh/key_pair_test.go
@@ -176,6 +176,34 @@ func TestDefaultKeyPairBuilder_Build_EcdsaDefault(t *testing.T) {
 	}
 }
 
+func TestDefaultKeyPairBuilder_Build_EcdsaSupportedCurves(t *testing.T) {
+	supportedBits := []int{
+		521,
+		384,
+		256,
+	}
+
+	for _, bits := range supportedBits {
+		kp, err := NewKeyPairBuilder().
+			SetType(Ecdsa).
+			SetBits(bits).
+			Build()
+		if err != nil {
+			t.Fatal(err.Error())
+		}
+
+		err = expected{
+			kind: Ecdsa,
+			bits: bits,
+			desc: "ecdsa " + strconv.Itoa(bits),
+			data: []byte(uuid.TimeOrderedUUID()),
+		}.matches(kp)
+		if err != nil {
+			t.Fatal(err.Error())
+		}
+	}
+}
+
 func TestDefaultKeyPairBuilder_Build_RsaDefault(t *testing.T) {
 	kp, err := NewKeyPairBuilder().
 		SetType(Rsa).