diff --git a/ssh-transport.rkt b/ssh-transport.rkt index 79c23e8..66d7d34 100644 --- a/ssh-transport.rkt +++ b/ssh-transport.rkt @@ -574,11 +574,6 @@ ((memq (car client-list) server-list) (car client-list)) (else (loop (cdr client-list)))))) -(define (check-host-key! host-key) - ;; TODO: If we are *re*keying, worth checking here that the key hasn't *changed* either. - (write `(TODO check-host-key! ,(hex (bit-string->bytes host-key)))) (newline) (flush-output) - (void)) - ;; ExchangeHashInfo Bytes Natural Natural Natural -> Bytes ;; Computes the session ID as defined by SSH's DH key exchange method. (define (dh-exchange-hash hash-info host-key e f k) @@ -657,17 +652,19 @@ (define f-as-bytes (integer->bit-string f (* 8 f-width) #t)) (define shared-secret (compute-key private-key f-as-bytes)) (define hash-alg sha1) + (define host-key-bytes (ssh-msg-kexdh-reply-host-key message)) + (define host-public-key + (pieces->public-key (ssh-host-key->pieces host-key-bytes))) (define exchange-hash (dh-exchange-hash hash-info - (ssh-msg-kexdh-reply-host-key message) + host-key-bytes public-key-as-integer f (bit-string->integer shared-secret #t #f))) - ;; (pretty-print `((public-key ,(hex public-key)) - ;; (f-as-bytes ,(hex f-as-bytes)) - ;; (shared-secret ,(hex shared-secret)) - ;; (exchange-hash ,(hex exchange-hash)))) - (check-host-key! (ssh-msg-kexdh-reply-host-key message)) + (verify-host-key-signature! host-public-key + host-key-alg + exchange-hash + (ssh-msg-kexdh-reply-h-signature message)) (finish shared-secret exchange-hash hash-alg conn)))) (else (disconnect-with-error SSH_DISCONNECT_KEY_EXCHANGE_FAILED "Bad key-exchange algorithm ~v" kex-alg)))) 
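Review bot: Nothing in the client branch checks that the host key taken from the KEXDH reply is the key expected for this server. `verify-host-key-signature!` receives only `host-public-key`, `host-key-alg`, `exchange-hash` and the signature, so as far as the hunk shows it can only prove that the peer holds the private half of whatever key it sent. Unless the callee (defined outside this hunk) also consults a known-hosts store, the exchange authenticates nobody in particular, and the removed `check-host-key!` stub took its rekeying TODO with it. I would keep the reminder next to the call, e.g. `;; TODO: compare host-key-bytes with the pinned/known key for this peer, and with the previous host key when rekeying, before calling finish.` It is also worth confirming that a malformed key blob in `ssh-host-key->pieces` / `pieces->public-key` ends in `disconnect-with-error` rather than an unhandled exception; the enclosing function starts and ends outside the hunk.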
@@ -709,7 +706,7 @@ (define hmac ((supported-hmac-factory hmac-description) (derive-key (if c2s #"E" #"F") (supported-hmac-key-length hmac-description)))) - (pretty-print `(,is-server? ,(if c2s 'c2s 's2c) ,enc ,mac)) + ;;(pretty-print `(,is-server? ,(if c2s 'c2s 's2c) ,enc ,mac)) (struct-copy stream-state state [cipher cipher] [cipher-description cipher-description] @@ -770,12 +767,18 @@ (guess-matches? s2c-zip ssh-msg-kexinit-compression_algorithms_server_to_client))))) (define (continue-after-discard conn) - (define hash-info (exchange-hash-info (connection-local-id conn) - (connection-remote-id conn) - encoded-local-algs - encoded-remote-algs)) - ((if is-server? perform-server-key-exchange perform-client-key-exchange) - hash-info + ((if is-server? + perform-server-key-exchange + perform-client-key-exchange) + (if is-server? + (exchange-hash-info (connection-remote-id conn) + (connection-local-id conn) + encoded-remote-algs + encoded-local-algs) + (exchange-hash-info (connection-local-id conn) + (connection-remote-id conn) + encoded-local-algs + encoded-remote-algs)) kex-alg host-key-alg conn @@ -1004,5 +1007,6 @@ (let-values (((i o) (tcp-accept s))) (ssh-session 'server i o)))) -;;(t-client) -(t-server) \ No newline at end of file +(if (getenv "servermode") + (t-server) + (t-client))
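Review bot: The new `(if is-server? (exchange-hash-info ...) (exchange-hash-info ...))` in `continue-after-discard` swaps local and remote for the server without saying why, and it tests `is-server?` a second time right after dispatching on the same flag. A comment such as `;; Exchange-hash inputs are always client-first (V_C, V_S, I_C, I_S; RFC 4253 section 8), so the server passes remote before local.` would stop a later cleanup from merging the two branches and silently breaking signature verification. Binding the result once, `(define hash-info (if is-server? ... ...))` as the removed code did, would also keep the call site readable. The surrounding function begins outside the hunk.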
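Review bot: `(if (getenv "servermode") (t-server) (t-client))` runs at module level, so merely requiring ssh-transport.rkt starts one of the two test drivers. Because `getenv` returns a string for any set value, `servermode=0` or an empty value also selects the server, which from the context lines appears to sit in `tcp-accept`. If this is only a test entry point, wrapping it as `(module+ main (if (getenv "servermode") (t-server) (t-client)))` and comparing against an explicit value would keep library users from getting a socket as a side effect. `t-server` and `t-client` are defined outside the hunk, so the bind address and port are not visible here.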