Hello list, To my astonishment the openssh versions on both C6 and C7 will by default negotiate an MD5 HMAC. C6 client, C7 server: debug2: mac_setup: found hmac-md5 debug1: kex: server->client aes128-ctr hmac-md5 none debug2: mac_setup: found hmac-md5 debug1: kex: client->server aes128-ctr hmac-md5 none C7 client & server: debug2: mac_setup: setup hmac-md5-etm at openssh.com debug1: kex: server->client aes128-ctr hmac-md5-etm at openssh.com none debug2: mac_setup: setup hmac-md5-etm at openssh.com debug1: kex: client->server aes128-ctr hmac-md5-etm at openssh.com none I reported this issue upstream: https://bugzilla.redhat.com/show_bug.cgi?id=1417263 https://bugzilla.redhat.com/show_bug.cgi?id=1417264 You might want to add MACs hmac-sha2-512-etm at openssh.com,hmac-sha2-512,hmac-sha2-256-etm at openssh.com,hmac-sha2-256,hmac-sha1-etm at openssh.com,hmac-sha1,hmac-ripemd160-etm at openssh.com,hmac-ripemd160 at openssh.com,hmac-ripemd160,umac-128 at openssh.com,umac-128-etm at openssh.com,hmac-sha1-96-etm at openssh.com,hmac-sha1-96,umac-64-etm at openssh.com,umac-64 at openssh.com to your C7 ssh_config and sshd_config, or MACs hmac-sha2-512,hmac-sha2-256,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,umac-64 at openssh.com,hmac-sha1-96 to your C6 ssh_config and sshd_config. You might also want to prune your cipher list to exclude RC4 = arcfour ciphers with the option "Ciphers". Compare http://www.theregister.co.uk/2013/09/06/nsa_cryptobreaking_bullrun_analysis/ Regards, Leonard. -- mount -t life -o ro /dev/dna /genetic/research