diff --git a/data/auth.sqlite b/data/auth.sqlite
index 3e7f0cd..afccceb 100644
Binary files a/data/auth.sqlite and b/data/auth.sqlite differ
diff --git a/markbase-core/src/ssh_server/kex_complete.rs b/markbase-core/src/ssh_server/kex_complete.rs
index 2355403..0c1586d 100644
--- a/markbase-core/src/ssh_server/kex_complete.rs
+++ b/markbase-core/src/ssh_server/kex_complete.rs
@@ -44,13 +44,29 @@ impl KexState {
     }
     
     /// 保存KEXINIT payloads（用于Exchange Hash计算）
+    /// 
+    /// 分析OpenSSH源码后的结论：
+    /// - kex->peer存储的是：incoming_packet剩余内容（payload fields + padding）
+    /// - kex->my存储的是：prop2buf()结果（payload fields，不包括padding）
+    /// 
+    /// **但exchange hash必须使用相同的I_C/I_S！**
+    /// 
+    /// 疑问：OpenSSH如何确保client和server使用相同的padding？
+    /// 可能答案：OpenSSH在计算exchange hash时，不包括padding？
+    /// 
+    /// 暂时保持不包括padding（因为签名验证之前成功）
     pub fn save_kexinit_payloads(
         &mut self,
         client_kexinit: &SshPacket,
         server_kexinit: &SshPacket,
     ) {
+        // Only save payload (without padding) for now
         self.client_kexinit_payload = client_kexinit.payload.clone();
         self.server_kexinit_payload = server_kexinit.payload.clone();
+        
+        info!("Saved KEXINIT payloads (payload only, no padding)");
+        info!("  client payload: {} bytes", self.client_kexinit_payload.len());
+        info!("  server payload: {} bytes", self.server_kexinit_payload.len());
     }
     
     /// 计算Exchange Hash（参考OpenSSH kex.c: kex_hash()）