mirage / awa-ssh

Purely functional SSH library in OCaml.
ISC License

enhance Hostkey algorithms to SHA-2 #11

Closed hannesm closed 4 years ago

hannesm commented 4 years ago

client authentication with RSA keys still uses SHA1, since RFC 8308 (extensions) needs to be implemented before SHA-2 algorithms can be used.

hannesm commented 4 years ago

there was a single wrong emission of ssh-rsa for the userauth request in wire.ml (Msg_userauth_request) which I force-pushed -> now userauth can actually use sha2 as well (but to be nice, we should implement the extension mechanism and see whether the server supports sha2 in client key authentication) -- OTOH the likelihood that, if the server uses SHA2 for their RSA hostkey, they'll be able to deal with a SHA2 signature of the client authentication key is rather high - and may be a worthwhile shortcut (also: fewer round trips, avoiding further complications in the state machine).

done below in bba4f44
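The two options weighed in the comment above, as an added example that is not awa-ssh code (written in Python rather than OCaml so it can be run stand-alone): parse the RFC 8308 `SSH_MSG_EXT_INFO` message for `server-sig-algs`, and when the server sent none, fall back to the hostkey-based shortcut. All function names, the preference order and the final `ssh-rsa` fallback are assumptions of this sketch; the sample packet is constructed.

```python
import struct

SSH_MSG_EXT_INFO = 7  # message number from RFC 8308
RSA_PREFERENCE = ("rsa-sha2-512", "rsa-sha2-256", "ssh-rsa")  # assumed client preference


def _read_string(buf, off):
    """Read an SSH string (uint32 length, then bytes); reject truncated input."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("string runs past end of packet")
    return buf[off + 4:off + 4 + n], off + 4 + n


def parse_ext_info(payload):
    """Return {extension-name: raw value} from an SSH_MSG_EXT_INFO payload."""
    if len(payload) < 5 or payload[0] != SSH_MSG_EXT_INFO:
        raise ValueError("not an SSH_MSG_EXT_INFO payload")
    (count,) = struct.unpack_from(">I", payload, 1)
    off, exts = 5, {}
    for _ in range(count):
        name, off = _read_string(payload, off)
        value, off = _read_string(payload, off)
        exts[name.decode("ascii")] = value
    return exts


def pick_rsa_sig_alg(hostkey_alg, ext_info=None):
    """Choose the signature algorithm for an RSA userauth request."""
    if ext_info is not None and "server-sig-algs" in ext_info:
        offered = ext_info["server-sig-algs"].decode("ascii").split(",")
        for alg in RSA_PREFERENCE:
            if alg in offered:
                return alg
        raise ValueError("server lists no RSA signature algorithm")
    # No EXT_INFO: the thread's shortcut, follow the hash of the RSA hostkey.
    if hostkey_alg in ("rsa-sha2-512", "rsa-sha2-256"):
        return hostkey_alg
    return "ssh-rsa"  # assumption: SHA-1 fallback when nothing indicates SHA-2


def _s(b):  # SSH string encoder, used only to build the constructed sample
    return struct.pack(">I", len(b)) + b


SAMPLE = (bytes([SSH_MSG_EXT_INFO]) + struct.pack(">I", 1)
          + _s(b"server-sig-algs") + _s(b"ssh-ed25519,rsa-sha2-256,ssh-rsa"))
```
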

hannesm commented 4 years ago

CI is happy, manual testing shows that this approach works, merging.