Does this help? NetBSD builtin sshd: =================== debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: AUTH STATE IS 0 debug1: REQUESTED ENC.NAME is 'aes128-cbc' debug1: kex: server->client aes128-cbc hmac-md5 none debug1: REQUESTED ENC.NAME is 'aes128-cbc' debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY ===================
>From pkgsrc: ================= debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: AUTH STATE IS 0 debug1: REQUESTED ENC.NAME is 'aes128-cbc' debug1: kex: server->client aes128-cbc hmac-md5 none debug1: REQUESTED ENC.NAME is 'aes128-cbc' debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY ================= I´m certainly not a crypto expert, but it looks to me that aes128-cbc was negotiated in both cases. 2015-03-20 12:43 GMT+01:00 Martin Husemann <[email protected]>: > Then check the ciphers/compression used. You probably have different > configurations for both. > > ssh -v $server > > will tell you most details. > > Martin >
