while testing libssh2 and OpenSSH we found out that there is problem with following configuration: kex: diffie-hellman-group1-sha1 enc: (any) mac: hmac-sha2-512 This configuration leads to following error message: dh_gen_key: group too small: 1024 (2*need 1024) It is OpenSSH that rejects connection – libssh2 seems to work correctly and it also seems that OpenSSH 6.5 solves the issue. After checking the source code it should be following change that makes difference: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/dh.c.diff?r1=1.52&r2=1.53&f=h&only_with_tag=OPENBSD_5_5_BASE&f=u Reason for that change which is not clear by just reading CVS commit message is discussed in the following short conversation: https://lists.mindrot.org/pipermail/openssh-unix-dev/2013-November/031844.html It appears that just by expertise of committer Damien Miller this is just fixed.
