diff --git a/ChangeLog b/ChangeLog
index 40381ec6f..514d8ab50 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -13,6 +13,9 @@
    - markus@cvs.openbsd.org 2002/11/21 22:22:50
      [dh.c]
      debug->debug2
+   - markus@cvs.openbsd.org 2002/11/21 22:45:31
+     [cipher.c kex.c packet.c sshconnect.c sshconnect2.c]
+     debug->debug2, unify debug messages
 
 20021205
  - (djm) PERL-free fixpaths from stuge-openssh-unix-dev@cdy.org
@@ -848,4 +851,4 @@
      save auth method before monitor_reset_key_state(); bugzilla bug #284;
      ok provos@
 
-$Id: ChangeLog,v 1.2518 2002/12/23 02:03:02 mouring Exp $
+$Id: ChangeLog,v 1.2519 2002/12/23 02:04:22 mouring Exp $
diff --git a/cipher.c b/cipher.c
index 1933d3eab..b5d38747e 100644
--- a/cipher.c
+++ b/cipher.c
@@ -35,7 +35,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: cipher.c,v 1.61 2002/07/12 15:50:17 markus Exp $");
+RCSID("$OpenBSD: cipher.c,v 1.62 2002/11/21 22:45:31 markus Exp $");
 
 #include "xmalloc.h"
 #include "log.h"
@@ -239,7 +239,7 @@ cipher_init(CipherContext *cc, Cipher *cipher,
 		    cipher->name);
 	klen = EVP_CIPHER_CTX_key_length(&cc->evp);
 	if (klen > 0 && keylen != klen) {
-		debug("cipher_init: set keylen (%d -> %d)", klen, keylen);
+		debug2("cipher_init: set keylen (%d -> %d)", klen, keylen);
 		if (EVP_CIPHER_CTX_set_key_length(&cc->evp, keylen) == 0)
 			fatal("cipher_init: set keylen failed (%d -> %d)",
 			    klen, keylen);
diff --git a/kex.c b/kex.c
index bdbf3882c..113663598 100644
--- a/kex.c
+++ b/kex.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: kex.c,v 1.51 2002/06/24 14:55:38 markus Exp $");
+RCSID("$OpenBSD: kex.c,v 1.52 2002/11/21 22:45:31 markus Exp $");
 
 #include <openssl/crypto.h>
 
@@ -135,7 +135,7 @@ kex_finish(Kex *kex)
 	/* packet_write_wait(); */
 	debug("SSH2_MSG_NEWKEYS sent");
 
-	debug("waiting for SSH2_MSG_NEWKEYS");
+	debug("expecting SSH2_MSG_NEWKEYS");
 	packet_read_expect(SSH2_MSG_NEWKEYS);
 	packet_check_eom();
 	debug("SSH2_MSG_NEWKEYS received");
@@ -433,7 +433,7 @@ kex_derive_keys(Kex *kex, u_char *hash, BIGNUM *shared_secret)
 	for (i = 0; i < NKEYS; i++)
 		keys[i] = derive_key(kex, 'A'+i, kex->we_need, hash, shared_secret);
 
-	debug("kex_derive_keys");
+	debug2("kex_derive_keys");
 	for (mode = 0; mode < MODE_MAX; mode++) {
 		current_keys[mode] = kex->newkeys[mode];
 		kex->newkeys[mode] = NULL;
diff --git a/packet.c b/packet.c
index 6400ad9b1..0a8baa5b2 100644
--- a/packet.c
+++ b/packet.c
@@ -37,7 +37,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: packet.c,v 1.99 2002/11/04 10:09:51 markus Exp $");
+RCSID("$OpenBSD: packet.c,v 1.100 2002/11/21 22:45:31 markus Exp $");
 
 #include "xmalloc.h"
 #include "buffer.h"
@@ -564,7 +564,7 @@ set_newkeys(int mode)
 	CipherContext *cc;
 	int encrypt;
 
-	debug("newkeys: mode %d", mode);
+	debug2("set_newkeys: mode %d", mode);
 
 	if (mode == MODE_OUT) {
 		cc = &send_context;
@@ -574,7 +574,7 @@ set_newkeys(int mode)
 		encrypt = CIPHER_DECRYPT;
 	}
 	if (newkeys[mode] != NULL) {
-		debug("newkeys: rekeying");
+		debug("set_newkeys: rekeying");
 		cipher_cleanup(cc);
 		enc  = &newkeys[mode]->enc;
 		mac  = &newkeys[mode]->mac;
diff --git a/sshconnect.c b/sshconnect.c
index 776d72065..f99fe0257 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -13,7 +13,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.135 2002/09/19 01:58:18 djm Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.136 2002/11/21 22:45:31 markus Exp $");
 
 #include <openssl/bn.h>
 
@@ -247,7 +247,7 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
 	 */
 	int full_failure = 1;
 
-	debug("ssh_connect: needpriv %d", needpriv);
+	debug2("ssh_connect: needpriv %d", needpriv);
 
 	/* Get default port if port has not been set. */
 	if (port == 0) {
diff --git a/sshconnect2.c b/sshconnect2.c
index 703d0721f..755be5cca 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.107 2002/07/01 19:48:46 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.108 2002/11/21 22:45:31 markus Exp $");
 
 #include "ssh.h"
 #include "ssh2.h"
@@ -128,7 +128,6 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
 	packet_send();
 	packet_write_wait();
 #endif
-	debug("done: ssh_kex2.");
 }
 
 /*
@@ -224,24 +223,23 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
 	if (options.challenge_response_authentication)
 		options.kbd_interactive_authentication = 1;
 
-	debug("send SSH2_MSG_SERVICE_REQUEST");
 	packet_start(SSH2_MSG_SERVICE_REQUEST);
 	packet_put_cstring("ssh-userauth");
 	packet_send();
+	debug("SSH2_MSG_SERVICE_REQUEST sent");
 	packet_write_wait();
 	type = packet_read();
-	if (type != SSH2_MSG_SERVICE_ACCEPT) {
-		fatal("denied SSH2_MSG_SERVICE_ACCEPT: %d", type);
-	}
+	if (type != SSH2_MSG_SERVICE_ACCEPT)
+		fatal("Server denied authentication request: %d", type);
 	if (packet_remaining() > 0) {
 		char *reply = packet_get_string(NULL);
-		debug("service_accept: %s", reply);
+		debug2("service_accept: %s", reply);
 		xfree(reply);
 	} else {
 		debug("buggy server: service_accept w/o service");
 	}
 	packet_check_eom();
-	debug("got SSH2_MSG_SERVICE_ACCEPT");
+	debug("SSH2_MSG_SERVICE_ACCEPT received");
 
 	if (options.preferred_authentications == NULL)
 		options.preferred_authentications = authmethods_get();