I decided to put the two logs from `sshd -d' side-by-side to try to figure out where the differences are. Both logs have the following lines immediately after the connection request:
debug1: Client protocol version 2.0; client software version FTP-Voyager-15.2.0.15 debug1: no match: FTP-Voyager-15.2.0.15 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.6.1 The working connection log has this line next: debug1: SELinux support disabled [preauth] Then the two logs continue with the same lines, although some of the parameters may differ. I don't think they're important. debug1: permanently_set_uid: 74/74 [preauth] Now it gets interesting. Working connection: debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519 [preauth] debug1: SSH2_MSG_KEXINIT sent [preauth] debug1: SSH2_MSG_KEXINIT received [preauth] debug1: kex: client->server aes192-cbc hmac-sha1 z...@openssh.com [preauth] debug1: kex: server->client aes192-cbc hmac-sha1 z...@openssh.com [preauth] debug1: expecting SSH2_MSG_KEXDH_INIT [preauth] debug1: SSH2_MSG_NEWKEYS sent [preauth] debug1: expecting SSH2_MSG_NEWKEYS [preauth] debug1: SSH2_MSG_NEWKEYS received [preauth] debug1: KEX done [preauth] Then come lines indicating a successful sign-in, which I omitted. Failing connection: debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519 [preauth] debug1: SSH2_MSG_KEXINIT sent [preauth] debug1: SSH2_MSG_KEXINIT received [preauth] no matching cipher found: client aes192-cbc,3des-cbc,blowfish-cbc,aes128-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-...@lysator.liu.se,des-cbc,des-...@ssh.com server aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com,chacha20-poly1...@openssh.com [preauth] The rest of the lines show connection run-down, omitted. The major difference that I see is that the connection that works has the line `SELinux support disabled [preauth]', and the connection that doesn't work does not have that line. What I know about SELinux is that incorrect usage could have disastrous results, so I haven't done anything with it. Do I need to change anything in my default Debian installation? Suggestions welcome.