Building `libssh2` for Windows (Win32/Win64) is a lot harder than I hoped for

libssh2-build-steps.rst

Steps for now (I'm not happy at all on how to get rid of VCRUNTIME140.DLL):

1. Install Visual Studio 2015 community edition from https://www.visualstudio.com/en-us/downloads/download-visual-studio-vs.aspx (as of writing: http://download.microsoft.com/download/D/2/3/D23F4D0F-BA2D-4600-8725-6CCECEA05196/vs_community_ENU.exe or http://download.microsoft.com/download/b/e/d/bedddfc4-55f4-4748-90a8-ffe38a40e89f/vs2015.3.com_enu.iso )
2. Download CMake via https://cmake.org/download/ back then https://cmake.org/files/v3.6/cmake-3.6.2-win64-x64.msi
3. Install and ensure to add CMake to the PATH for all users:

4. Run this script on a new command-line:

   git clone https://github.com/libssh2/libssh2.git
   pushd libssh2
   
   :: Try to force Static libraries (so VCRUNTIME140.DLL is not needed; hopefully this links libvcruntime.lib instead of vcruntime.lib)
   pushd cmake
   > c_flag_overrides.cmake type NUL
   >> c_flag_overrides.cmake echo    if(MSVC)
   >> c_flag_overrides.cmake echo        set(CMAKE_C_FLAGS_DEBUG_INIT "/D_DEBUG /MTd /Zi /Ob0 /Od /RTC1")
   >> c_flag_overrides.cmake echo        set(CMAKE_C_FLAGS_MINSIZEREL_INIT     "/MT /O1 /Ob1 /D NDEBUG")
   >> c_flag_overrides.cmake echo        set(CMAKE_C_FLAGS_RELEASE_INIT        "/MT /O2 /Ob2 /D NDEBUG")
   >> c_flag_overrides.cmake echo        set(CMAKE_C_FLAGS_RELWITHDEBINFO_INIT "/MT /Zi /O2 /Ob1 /D NDEBUG")
   >> c_flag_overrides.cmake echo    endif()
   
   > cxx_flag_overrides.cmake type NUL
   >> cxx_flag_overrides.cmake echo    if(MSVC)
   >> cxx_flag_overrides.cmake echo        set(CMAKE_CXX_FLAGS_DEBUG_INIT "/D_DEBUG /MTd /Zi /Ob0 /Od /RTC1")
   >> cxx_flag_overrides.cmake echo        set(CMAKE_CXX_FLAGS_MINSIZEREL_INIT     "/MT /O1 /Ob1 /D NDEBUG")
   >> cxx_flag_overrides.cmake echo        set(CMAKE_CXX_FLAGS_RELEASE_INIT        "/MT /O2 /Ob2 /D NDEBUG")
   >> cxx_flag_overrides.cmake echo        set(CMAKE_CXX_FLAGS_RELWITHDEBINFO_INIT "/MT /Zi /O2 /Ob1 /D NDEBUG")
   >> cxx_flag_overrides.cmake echo    endif()
   
   > MSVCC_static_linking.cmake type NUL
   >> MSVCC_static_linking.cmake echo set(CMAKE_USER_MAKE_RULES_OVERRIDE
   >> MSVCC_static_linking.cmake echo    ${CMAKE_CURRENT_SOURCE_DIR}/cmake/c_flag_overrides.cmake)
   >> MSVCC_static_linking.cmake echo set(CMAKE_USER_MAKE_RULES_OVERRIDE_CXX
   >> MSVCC_static_linking.cmake echo    ${CMAKE_CURRENT_SOURCE_DIR}/cmake/cxx_flag_overrides.cmake)
   
   >> max_warnings.cmake echo include(MSVCC_static_linking)
   popd
   
   :: the above trick with C*_FLAGS* doesn't work so go the PowerShell way of globally replacing the generated VC++ project files
   :: http://stackoverflow.com/questions/251557/escape-angle-brackets-in-a-windows-command-prompt
   > fix-vcxproj-files.ps1 type NUL
   >> fix-vcxproj-files.ps1 echo  $projectFiles = Get-ChildItem . *.vcxproj -Recurse
   >> fix-vcxproj-files.ps1 echo  foreach ($projectFile in $projectFiles) {
   >> fix-vcxproj-files.ps1 echo      (Get-Content $projectFile.PSPath).
   >> fix-vcxproj-files.ps1 echo        Replace('^<UseOfMfc^>false^</UseOfMfc^>', '^<UseOfMfc^>Static^</UseOfMfc^>').
   >> fix-vcxproj-files.ps1 echo        Replace('^<RuntimeLibrary^>MultiThreadedDebugDLL^</RuntimeLibrary^>', '^<RuntimeLibrary^>MultiThreadedDebug^</RuntimeLibrary^>').
   >> fix-vcxproj-files.ps1 echo        Replace('^<RuntimeLibrary^>MultiThreadedDLL^</RuntimeLibrary^>', '^<RuntimeLibrary^>MultiThreaded^</RuntimeLibrary^>') ^|
   >> fix-vcxproj-files.ps1 echo      Set-Content $projectFile.PSPath
   >> fix-vcxproj-files.ps1 echo  }
   
   mkdir buildWin64
   pushd buildWin64
   :: Generate build for MSVS 2015
   ::cmake .. -G"Visual Studio 14 Win64" -D"BUILD_SHARED_LIBS=1" -D"CMAKE_BUILD_TYPE=Release" -D"OPENSSL_ROOT_DIR=../../openssl" -D"OPENSSL_LIBRARIES=../../openssl/ssl"
   cmake .. -G"Visual Studio 14 Win64" -D"BUILD_SHARED_LIBS=1" -D"CMAKE_BUILD_TYPE=Release"
   powershell -file ..\fix-vcxproj-files.ps1
   :: this fails bitching about v100 not being there:
   :: cmake --build . --config "Visual Studio 14 Win64"
   :: this just works:
   set Platform=
   call "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\amd64\vcvars64.bat"
   call msbuild libssh2.sln /p:Configuration=Release /p:Platform=x64
   dumpbin /headers example\Release\libssh2.dll | find "machine"
   dumpbin /all example\Release\libssh2.dll > example\Release\libssh2.dll.dumpbin.txt
   tdump64 example\Release\libssh2.dll > example\Release\libssh2.dll.tdump.txt
   popd
   
   mkdir buildWin32
   pushd buildWin32
   :: Generate build for MSVS 2015
   :: cmake .. -G"Visual Studio 14" -D"BUILD_SHARED_LIBS=1" -D"CMAKE_BUILD_TYPE=Release" -D"OPENSSL_ROOT_DIR=../../openssl" -D"OPENSSL_LIBRARIES=../../openssl/ssl"
   cmake .. -G"Visual Studio 14" -D"BUILD_SHARED_LIBS=1" -D"CMAKE_BUILD_TYPE=Release"
   powershell -file ..\fix-vcxproj-files.ps1
   set Platform=
   call "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\vcvars32.bat"
   call msbuild libssh2.sln /p:Configuration=Release /p:Platform=Win32
   dumpbin /headers example\Release\libssh2.dll | find "machine"
   dumpbin /all example\Release\libssh2.dll > example\Release\libssh2.dll.dumpbin.txt
   tdump example\Release\libssh2.dll > example\Release\libssh2.dll.tdump.txt
   popd
   
   popd

The above trick will create a libssh2.dll that is statically linked with libvcruntime.lib instead of vcruntime.lib which means you do not need to have VCRUNTIME140.DLL or VCRUNTIME140D.DLL on your system.

libssh2-build-with-openssl.bat

:: future: need x86 and x64 of zlib. only useful if you have very well compressible data.
:: git clone https://github.com/madler/zlib.git

:: prereqs are the full (not light!) Win32 and Win64 OpenSSL versions at http://slproweb.com/products/Win32OpenSSL.html
:: download both and install them (with `Copy the OpenSSL DLLs to:` option set to `The OpenSSL binaries (/bin) directory`) into:
:: - C:\OpenSSL-Win32
:: - C:\OpenSSL-Win64
::
:: Downloads at time of writing:
:: - http://slproweb.com/download/Win32OpenSSL-1_0_2j.exe
:: - http://slproweb.com/download/Win64OpenSSL-1_0_2j.exe

:: without OpenSSL, you will see these in the build logs and your sshlib2.dll will have limited algorithms:
::-- Could NOT find OpenSSL, try to set the path to OpenSSL root folder in the system variable OPENSSL_ROOT_DIR (missing:  OPENSSL_LIBRARIES) (found version "1.0.2h")
::-- Could NOT find Libgcrypt (missing:  LIBGCRYPT_LIBRARY LIBGCRYPT_INCLUDE_DIR)

:: Possibly no need for the environment variables as when installed, OpenSSL is detected automagically:
::-- Found OpenSSL: optimized;C:/OpenSSL-Win64/lib/ssleay32.lib;debug;C:/OpenSSL-Win64/lib/VC/ssleay32MDd.lib;optimized;C:/OpenSSL-Win64/lib/libeay32.lib;debug;C:/OpenSSL-Win64/lib/VC/libeay32MDd.lib (found version "1.0.2j")
::-- Found OpenSSL: optimized;C:/OpenSSL-Win32/lib/ssleay32.lib;debug;C:/OpenSSL-Win32/lib/VC/ssleay32MDd.lib;optimized;C:/OpenSSL-Win32/lib/libeay32.lib;debug;C:/OpenSSL-Win32/lib/VC/libeay32MDd.lib (found version "1.0.2j")
:: Although if we want static linking, we need the MTd and MT directories from OpenSSL

:: despite a few days of work, this batch file still procudes a libssh2.dll that depends on the OpenSSL DLLs
:: none of the tries to make stuff statically link the .lib files seem to work, though the VCRUNTIME140.DLL dependency is now gone.

:: cmake options: https://github.com/libssh2/libssh2/blob/master/docs/INSTALL_CMAKE

:: -D"ENABLE_ZLIB_COMPRESSION=ON"  requires ZLIB_LIBRARY to be defined
:: -D"CRYPTO_BACKEND=WinCNG" leaves out some ciphers (aes128-ctr, aes256-ctr, aes192-ctr) and MAC algorithms (hmac-ripemd160, hmac-ripemd160@openssh.com)
::   so you really don't want WinCNG
:: -D"CRYPTO_BACKEND=OpenSSL" needs LIBEAY*.DLL but includes more ciphers (aes128-ctr, aes256-ctr, aes192-ctr) and MAC algorithms (hmac-ripemd160, hmac-ripemd160@openssh.com)
:: could not find out how to use Libgcrypt or mbedTLS as the libssh2 build instructions are very limited
:: -D"BUILD_SHARED_LIBS=OFF" creates a .LIB; -D"BUILD_SHARED_LIBS=1" creates a .DLL
:: -D"BUILD_TESTING=OFF"
:: -D"BUILD_EXAMPLES=OFF"

:: WinCNG support https://stackoverflow.com/questions/31550993/git-ssh-in-visual-studio-2015/37010403#37010403


:: since we need environment variables
  setlocal

:: these require / slashes in the path names, not \ backslashes
:: simple reason: unix based build tools do not like Windows based path delimiters.
  set OpenSSLWin32Directory=C:/OpenSSL-Win32
  set OpenSSLWin64Directory=C:/OpenSSL-Win64

  if not exist libssh2\nul goto :libssh2NotYetExists
  :: * Win9x and others doesn't like ``EXISTS libssh2'' so change it to ``EXISTS libssh2\nul''.

  echo Directory libssh2 already exists; bailing out.
  goto :end
  
:libssh2NotYetExists

  if exist %OpenSSLWin32Directory%\nul goto :haveOpenSSLWin32
  echo Directory %OpenSSLWin32Directory% does not exist; bailing out.
  goto :end

:haveOpenSSLWin32
  
  if exist %OpenSSLWin64Directory%\nul goto :haveOpenSSLWin64
  echo Directory %OpenSSLWin64Directory% does not exist; bailing out.
  goto :end

:haveOpenSSLWin64

:: https://github.com/TrinityCore/TrinityCore/issues/9355#issuecomment-14487233
:: In Cmake GUI, click "Advanced", find "OPENSSL_INCLUDE_DIR" and change it to C:/OpenSSL-WinXX/include. 
:: Find "OPENSSL_ROOT_DIR" and change it to C:/OpenSSL-WinXX".
  set Win32OPENSSL_ROOT_DIR=%OpenSSLWin32Directory%
  set Win32OPENSSL_INCLUDE_DIR=%Win32OPENSSL_ROOT_DIR%/include
  set Win32OPENSSL_LIBRARIES=%Win32OPENSSL_ROOT_DIR%/lib/VC/static
  set Win64OPENSSL_ROOT_DIR=%OpenSSLWin64Directory%
  set Win64OPENSSL_INCLUDE_DIR=%Win64OPENSSL_ROOT_DIR%/include
  set Win64OPENSSL_LIBRARIES=%Win64OPENSSL_ROOT_DIR%/lib/VC/static
  
:: maybe extra variables are needed: 
:: - https://cmake.org/cmake/help/v3.0/module/FindOpenSSL.html
:: - http://stackoverflow.com/questions/16248775/cmake-not-able-to-find-openssl/27506352#27506352

:main
:: based on https://gist.github.com/jpluimers/2bf514d658488a7ddfc189b0677a3a57

  git clone https://github.com/libssh2/libssh2.git

  if  exist libssh2\nul goto :haveLibssh2
  echo libssh2 does not exist; bailing out.
  goto :end

:haveLibssh2
  pushd libssh2

  :: Try to force Static libraries (so VCRUNTIME140.DLL is not needed; hopefully this links libvcruntime.lib instead of vcruntime.lib)
  pushd cmake
  > c_flag_overrides.cmake type NUL
  >> c_flag_overrides.cmake echo    if(MSVC)
  >> c_flag_overrides.cmake echo        set(CMAKE_C_FLAGS_DEBUG_INIT "/D_DEBUG /MTd /Zi /Ob0 /Od /RTC1")
  >> c_flag_overrides.cmake echo        set(CMAKE_C_FLAGS_MINSIZEREL_INIT     "/MT /O1 /Ob1 /D NDEBUG")
  >> c_flag_overrides.cmake echo        set(CMAKE_C_FLAGS_RELEASE_INIT        "/MT /O2 /Ob2 /D NDEBUG")
  >> c_flag_overrides.cmake echo        set(CMAKE_C_FLAGS_RELWITHDEBINFO_INIT "/MT /Zi /O2 /Ob1 /D NDEBUG")
  >> c_flag_overrides.cmake echo    endif()

  > cxx_flag_overrides.cmake type NUL
  >> cxx_flag_overrides.cmake echo    if(MSVC)
  >> cxx_flag_overrides.cmake echo        set(CMAKE_CXX_FLAGS_DEBUG_INIT "/D_DEBUG /MTd /Zi /Ob0 /Od /RTC1")
  >> cxx_flag_overrides.cmake echo        set(CMAKE_CXX_FLAGS_MINSIZEREL_INIT     "/MT /O1 /Ob1 /D NDEBUG")
  >> cxx_flag_overrides.cmake echo        set(CMAKE_CXX_FLAGS_RELEASE_INIT        "/MT /O2 /Ob2 /D NDEBUG")
  >> cxx_flag_overrides.cmake echo        set(CMAKE_CXX_FLAGS_RELWITHDEBINFO_INIT "/MT /Zi /O2 /Ob1 /D NDEBUG")
  >> cxx_flag_overrides.cmake echo    endif()

  > MSVCC_static_linking.cmake type NUL
  >> MSVCC_static_linking.cmake echo set(CMAKE_USER_MAKE_RULES_OVERRIDE
  >> MSVCC_static_linking.cmake echo    ${CMAKE_CURRENT_SOURCE_DIR}/cmake/c_flag_overrides.cmake)
  >> MSVCC_static_linking.cmake echo set(CMAKE_USER_MAKE_RULES_OVERRIDE_CXX
  >> MSVCC_static_linking.cmake echo    ${CMAKE_CURRENT_SOURCE_DIR}/cmake/cxx_flag_overrides.cmake)

  >> max_warnings.cmake echo include(MSVCC_static_linking)
  popd

  :: the above trick with C*_FLAGS* doesn't work so go the PowerShell way of globally replacing the generated VC++ project files
  :: http://stackoverflow.com/questions/251557/escape-angle-brackets-in-a-windows-command-prompt
  > fix-vcxproj-files.ps1 type NUL
  >> fix-vcxproj-files.ps1 echo  $projectFiles = Get-ChildItem . *.vcxproj -Recurse
  >> fix-vcxproj-files.ps1 echo  foreach ($projectFile in $projectFiles) {
  >> fix-vcxproj-files.ps1 echo      (Get-Content $projectFile.PSPath).
  >> fix-vcxproj-files.ps1 echo        Replace('^<UseOfMfc^>false^</UseOfMfc^>', '^<UseOfMfc^>Static^</UseOfMfc^>').
  >> fix-vcxproj-files.ps1 echo        Replace('^<RuntimeLibrary^>MultiThreadedDebugDLL^</RuntimeLibrary^>', '^<RuntimeLibrary^>MultiThreadedDebug^</RuntimeLibrary^>').
  >> fix-vcxproj-files.ps1 echo        Replace('^<RuntimeLibrary^>MultiThreadedDLL^</RuntimeLibrary^>', '^<RuntimeLibrary^>MultiThreaded^</RuntimeLibrary^>') ^|
  >> fix-vcxproj-files.ps1 echo      Set-Content $projectFile.PSPath
  >> fix-vcxproj-files.ps1 echo  }
  :: maybe OPENSSL_MSVC_STATIC_RT works beter: try this in the future, maybe combined with OPENSSL_USE_STATIC_LIBS. See https://cmake.org/cmake/help/v3.5/module/FindOpenSSL.html
  
  mkdir buildWin64
  pushd buildWin64
  
::  set OPENSSL_ROOT_DIR=%Win64OPENSSL_ROOT_DIR%
::  set OPENSSL_INCLUDE_DIR=%Win64OPENSSL_INCLUDE_DIR%
::  set OPENSSL_LIBRARIES=%Win64OPENSSL_LIBRARIES%  
  
  :: Generate build for MSVS 2015
  ::cmake .. -G"Visual Studio 14 Win64" -D"BUILD_SHARED_LIBS=1" -D"CMAKE_BUILD_TYPE=Release" -D"OPENSSL_ROOT_DIR=../../openssl" -D"OPENSSL_LIBRARIES=../../openssl/ssl"
::  cmake .. -G"Visual Studio 14 Win64" -D"BUILD_SHARED_LIBS=1" -D"CMAKE_BUILD_TYPE=Release" 
:: with OpenSSL DLL:
::  cmake .. -G"Visual Studio 14 Win64" -D"BUILD_SHARED_LIBS=1" -D"CMAKE_BUILD_TYPE=Release" -D"CRYPTO_BACKEND=OpenSSL" 
  cmake .. -G"Visual Studio 14 Win64" -D"BUILD_SHARED_LIBS=1" -D"CMAKE_BUILD_TYPE=Release" -D"CRYPTO_BACKEND=OpenSSL" -D"OPENSSL_USE_STATIC_LIBS=TRUE" -D"OPENSSL_MSVC_STATIC_RT=TRUE"
::  cmake .. -G"Visual Studio 14 Win64" -D"BUILD_SHARED_LIBS=1" -D"CMAKE_BUILD_TYPE=Release" -D"CRYPTO_BACKEND=OpenSSL" -D"OPENSSL_ROOT_DIR=%OPENSSL_ROOT_DIR%" -D"OPENSSL_LIBRARIES=%OPENSSL_LIBRARIES%"
::  cmake .. -G"Visual Studio 14 Win64" -D"BUILD_SHARED_LIBS=1" -D"CMAKE_BUILD_TYPE=Release" -D"CRYPTO_BACKEND=WinCNG" 

  :: needs to be after the above cmake as that one generates the vcxproj files  
  powershell -file ..\fix-vcxproj-files.ps1
 
  :: this fails bitching about v100 not being there:
  :: cmake --build . --config "Visual Studio 14 Win64"
  :: this just works:
  set Platform=
  call "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\amd64\vcvars64.bat"
  call msbuild libssh2.sln /p:Configuration=Release /p:Platform=x64
  :: to find out various build aspects (like imports from VCRUNTIME140 and oher DLLs)
  dumpbin /headers example\Release\libssh2.dll | find "machine"
  dumpbin /all example\Release\libssh2.dll > example\Release\libssh2.dll.dumpbin.txt
  tdump64 example\Release\libssh2.dll > example\Release\libssh2.dll.tdump.txt
  popd
  
  mkdir buildWin32
  pushd buildWin32

::  set OPENSSL_ROOT_DIR=%Win32OPENSSL_ROOT_DIR%
::  set OPENSSL_INCLUDE_DIR=%Win32OPENSSL_INCLUDE_DIR%
::  set OPENSSL_LIBRARIES=%Win32OPENSSL_LIBRARIES%
  
  :: Generate build for MSVS 2015
  :: cmake .. -G"Visual Studio 14" -D"BUILD_SHARED_LIBS=1" -D"CMAKE_BUILD_TYPE=Release" -D"OPENSSL_ROOT_DIR=../../openssl" -D"OPENSSL_LIBRARIES=../../openssl/ssl"
::  cmake .. -G"Visual Studio 14" -D"BUILD_SHARED_LIBS=1" -D"CMAKE_BUILD_TYPE=Release"
:: with OpenSSL DLL:
::  cmake .. -G"Visual Studio 14" -D"BUILD_SHARED_LIBS=1" -D"CMAKE_BUILD_TYPE=Release" -D"CRYPTO_BACKEND=OpenSSL" 
  cmake .. -G"Visual Studio 14" -D"BUILD_SHARED_LIBS=1" -D"CMAKE_BUILD_TYPE=Release" -D"CRYPTO_BACKEND=OpenSSL" -D"OPENSSL_USE_STATIC_LIBS=TRUE" -D"OPENSSL_MSVC_STATIC_RT=TRUE"
::  cmake .. -G"Visual Studio 14" -D"BUILD_SHARED_LIBS=1" -D"CMAKE_BUILD_TYPE=Release" -D"CRYPTO_BACKEND=OpenSSL" -D"OPENSSL_ROOT_DIR=%OPENSSL_ROOT_DIR%" -D"OPENSSL_LIBRARIES=%OPENSSL_LIBRARIES%"
::  cmake .. -G"Visual Studio 14" -D"BUILD_SHARED_LIBS=1" -D"CMAKE_BUILD_TYPE=Release" -D"CRYPTO_BACKEND=WinCNG" 

  :: needs to be after the above cmake as that one generates the vcxproj files  
  powershell -file ..\fix-vcxproj-files.ps1

  set Platform=
  call "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\vcvars32.bat"
  call msbuild libssh2.sln /p:Configuration=Release /p:Platform=Win32
  :: to find out various build aspects (like imports from VCRUNTIME140 and oher DLLs)
  dumpbin /headers example\Release\libssh2.dll | find "machine"
  dumpbin /all example\Release\libssh2.dll > example\Release\libssh2.dll.dumpbin.txt
  tdump example\Release\libssh2.dll > example\Release\libssh2.dll.tdump.txt
  popd

  popd

:end
  endlocal

test-results.rst

Summary of testing libssh2 client against opensuse Tumbleweed openssh server

• Server side opensuse Tumbleweed with sshd OpenSSH_7.2p2, OpenSSL 1.0.2j-fips 26 Sep 2016
  • default mode (no modifications in /etc/ssh/sshd_config)
  • secure mode (applying https://github.com/comotion/gone/blob/github/modules/ssh)
• Client side Windowx 86 with x86 libssh2 dll versions
  • libssh2_1.2.6
  • libssh2_1.7.0_DEV (without OpenSSL means WinCNG)
  • libssh2_1.8.1_DEV (without OpenSSL means WinCNG; with OpenSSL has more ciphers/MACs but requires extra DLLs)

Summary:

• plain libssh2_1.7.0_DEV and libssh2_1.8.1_DEV won't connect to default/secure sshd as there is no matching cipher (so key exchange is working)
• libssh2_1.2.6 only connects to default as secure has too few ciphers
• secure sshd with added aes256-cbc might work for the plain libssh2 DLLs, but there are aes-cbc attacks since 2008: http://www.kb.cert.org/vuls/id/958563
• libssh2_1.8.1_DEV with OpenSSL connects fine

https://www.libssh2.org/

Capabilities and Features

• Key Exchange Methods: diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha1, diffie-hellman-group-exchange-sha256
• Hostkey Types: ssh-rsa, ssh-dss
• Ciphers: aes256-ctr, aes192-ctr, aes128-ctr, aes256-cbc (rijndael-cbc@lysator.liu.se), aes192-cbc, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, arcfour, arcfour128, none
• Compression Schemes: zlib, zlib@openssh.com, none
• MAC hashes: hmac-sha2-256, hmac-sha2-512, hmac-sha1, hmac-sha1-96, hmac-md5, hmac-md5-96, hmac-ripemd160 (hmac-ripemd160@openssh.com), none
• Authentication: none, password, public-key, hostbased, keyboard-interactive
• Channels: shell, exec (incl. SCP wrapper), direct-tcpip, subsystem
• Global Requests: tcpip-forward
• Channel Requests: x11, pty, exit-signal, keepalive@openssh.com
• Subsystems: sftp(version 3), publickey(version 2)
• SFTP: statvfs@openssh.com, fstatvfs@openssh.com
• Thread-safe: just don't share handles simultaneously
• Non-blocking: it can be used both blocking and non-blocking
• Your sockets: the app hands over the socket, calls select() etc.
• Crypto backends: OpenSSL, libgcrypt, mbedTLS or WinCNG (native since Windows Vista): builds with either

(table made with http://table-editor.com)

category/comment	sshd secure	sshd default	secure to libssh2_1.2.6	secure to libssh2_1.7.0_DEV	default to libssh2_1.2.6	default to libssh2_1.7.0_DEV	** https://www.libssh2.org/ **	libssh2_1.8.1_DEV WinCNG	libssh2_1.8.1_DEV OpenSSL 1.0.2.j
kex_algorithms
	curve25519-sha256@libssh.org	curve25519-sha256@libssh.org
		ecdh-sha2-nistp256
		ecdh-sha2-nistp384
		ecdh-sha2-nistp521
	diffie-hellman-group-exchange-sha256	diffie-hellman-group-exchange-sha256		diffie-hellman-group-exchange-sha256		diffie-hellman-group-exchange-sha256	diffie-hellman-group-exchange-sha256	diffie-hellman-group-exchange-sha256	diffie-hellman-group-exchange-sha256
--> note different order (libssh2)				diffie-hellman-group-exchange-sha1		diffie-hellman-group-exchange-sha1	diffie-hellman-group-exchange-sha1	diffie-hellman-group-exchange-sha1	diffie-hellman-group-exchange-sha1
		diffie-hellman-group14-sha1	diffie-hellman-group14-sha1	diffie-hellman-group14-sha1	diffie-hellman-group14-sha1	diffie-hellman-group14-sha1	diffie-hellman-group14-sha1	diffie-hellman-group14-sha1	diffie-hellman-group14-sha1
--> note different order (libssh2)			diffie-hellman-group-exchange-sha1		diffie-hellman-group-exchange-sha1
			diffie-hellman-group1-sha1	diffie-hellman-group1-sha1	diffie-hellman-group1-sha1	diffie-hellman-group1-sha1	diffie-hellman-group1-sha1	diffie-hellman-group1-sha1	diffie-hellman-group1-sha1
server_host_key_algorithms
	ssh-rsa	ssh-rsa	ssh-rsa	ssh-rsa	ssh-rsa	ssh-rsa	ssh-rsa	ssh-rsa	ssh-rsa
	rsa-sha2-512	rsa-sha2-512
	rsa-sha2-256	rsa-sha2-256
	ssh-dss	ssh-dss	ssh-dss	ssh-dss	ssh-dss	ssh-dss	ssh-dss	ssh-dss	ssh-dss
	ecdsa-sha2-nistp256	ecdsa-sha2-nistp256
	ssh-ed25519	ssh-ed25519
encryption_algorithms (ciphers)
	chacha20-poly1305@openssh.com	chacha20-poly1305@openssh.com
--> note different order (secure/default)	aes256-ctr	aes128-ctr	aes128-ctr		aes128-ctr		aes128-ctr		aes128-ctr
--> note different order (secure/default)	aes192-ctr	aes192-ctr	aes192-ctr		aes192-ctr		aes192-ctr		aes192-ctr
--> note different order (secure/default)	aes128-ctr	aes256-ctr	aes256-ctr		aes256-ctr		aes256-ctr		aes256-ctr
		aes128-gcm@openssh.com
		aes256-gcm@openssh.com
			aes256-cbc	aes256-cbc	aes256-cbc	aes256-cbc	aes256-cbc (rijndael-cbc@lysator.liu.se)	aes256-cbc	aes256-cbc
			rijndael-cbc@lysator.liu.se	rijndael-cbc@lysator.liu.se	rijndael-cbc@lysator.liu.se	rijndael-cbc@lysator.liu.se	rijndael-cbc@lysator.liu.se	rijndael-cbc@lysator.liu.se	rijndael-cbc@lysator.liu.se
			aes192-cbc	aes192-cbc	aes192-cbc	aes192-cbc	aes192-cbc	aes192-cbc	aes192-cbc
			aes128-cbc	aes128-cbc	aes128-cbc	aes128-cbc	aes128-cbc	aes128-cbc	aes128-cbc
			blowfish-cbc		blowfish-cbc		blowfish-cbc		blowfish-cbc
			arcfour128	arcfour128	arcfour128	arcfour128	arcfour128	arcfour128	arcfour128
			arcfour	arcfour	arcfour	arcfour	arcfour	arcfour	arcfour
			cast128-cbc		cast128-cbc		cast128-cbc		cast128-cbc
			3des-cbc	3des-cbc	3des-cbc	3des-cbc	3des-cbc	3des-cbc	3des-cbc
							none		none
mac_algorithms
		umac-64-etm@openssh.com
--> note different order (secure/default)		umac-128-etm@openssh.com
--> note different order (secure/default)	hmac-sha2-512-etm@openssh.com
	hmac-sha2-256-etm@openssh.com	hmac-sha2-256-etm@openssh.com
--> note different order (secure/default)		hmac-sha2-512-etm@openssh.com
	hmac-ripemd160-etm@openssh.com
		hmac-sha1-etm@openssh.com
--> note different order (server/client)				hmac-sha2-256		hmac-sha2-256	hmac-sha2-256	hmac-sha2-256	hmac-sha2-256
--> note different order (server/client)				hmac-sha2-512		hmac-sha2-512	hmac-sha2-512	hmac-sha2-512	hmac-sha2-512
			hmac-sha1	hmac-sha1	hmac-sha1	hmac-sha1	hmac-sha1	hmac-sha1	hmac-sha1
			hmac-sha1-96	hmac-sha1-96	hmac-sha1-96	hmac-sha1-96	hmac-sha1-96	hmac-sha1-96	hmac-sha1-96
--> note different order (secure/default)	umac-128-etm@openssh.com
		umac-64@openssh.com
--> note different order (secure/default)		umac-128@openssh.com
--> note different order (secure/default)	hmac-sha2-512
	hmac-sha2-256	hmac-sha2-256
--> note different order (secure/default)		hmac-sha2-512
			hmac-md5	hmac-md5	hmac-md5	hmac-md5	hmac-md5	hmac-md5	hmac-md5
			hmac-md5-96	hmac-md5-96	hmac-md5-96	hmac-md5-96	hmac-md5-96	hmac-md5-96	hmac-md5-96
	hmac-ripemd160		hmac-ripemd160		hmac-ripemd160		hmac-ripemd160 (hmac-ripemd160@openssh.com)		hmac-ripemd160
--> note different order (secure/default)	umac-128@openssh.com
		hmac-sha1
			hmac-ripemd160@openssh.com		hmac-ripemd160@openssh.com		hmac-ripemd160@openssh.com		hmac-ripemd160@openssh.com
							none
compression_algorithms
	none	none					none
	zlib@openssh.com	zlib@openssh.com					zlib@openssh.com
							zlib
VERDICT			no matching key exchange method found	no matching cipher found; kex: diffie-hellman-group-exchange-sha256 with ssh-rsa	cipher: aes128-ctr; MAC: hmac-sha1; compression: none; kex: diffie-hellman-group14-sha1 with ssh-rsa	no matching cipher found; kex diffie-hellman-group-exchange-sha256 with: ssh-rsa			kex: diffie-hellman-group14-sha1 with ssh-rsa; cipher: aes128-ctr; MAC: hmac-sha1