HostKeyAlgorithms: add rsa-sha2-256 and rsa-sha2-512 for ssh-rsa

[lonnywong]

• Related to https://github.com/trzsz/trzsz-ssh/issues/93

• Steps to reproduce:

  • Change /etc/ssh/sshd_config on the ssh server, add a configuration:

    HostKeyAlgorithms rsa-sha2-512,rsa-sha2-256

  • Restart the ssh server service ssh restart.
  • Delete the known host items of the server in ~/.ssh/known_hosts on the client.
  • Log in to the server using go ssh client, which should add a ssh-rsa item to ~/.ssh/known_hosts.
  • Log in to the server using go ssh client again, an error will occur:

    client offered: [ssh-rsa], server offered: [rsa-sha2-512 rsa-sha2-256]

[evanelias]

Great debugging and fix, thank you @lonnywong, this is excellent!

One minor nit: should the 3 resulting rsa entries get returned in the opposite order, so that the most-secure algorithm gets listed first? I'm pondering this since ssh.ClientConfig.HostKeyAlgorithms is a sorted list by preference, first match between client and server wins. In other words, instead of expanding the rsa key's algorithms to "ssh-rsa", "rsa-sha2-256", "rsa-sha2-512", should it be ordered like "rsa-sha2-512", "rsa-sha2-256", "ssh-rsa" ?

To be clear, aside from how we expand ssh-rsa knownhosts entries, we can keep all other ordering as-is: that is, the returned order just matches the order of the entries in the knownhosts file.

Separately, CI is failing because of something with golint, probably because the Go version I have in the GitHub Actions config is old. I'll try bumping that version on my end momentarily; or if that fails I'll just finally remove golint since it is deprecated/unmaintained.

[evanelias]

update: CI is now fixed on main branch, if you rebase your PR against latest main commit it should hopefully work now 👍

[lonnywong]

@evanelias Now, the order is rsa-sha2-512, rsa-sha2-256, ssh-rsa.

[evanelias]

Thanks, looks perfect! Merging momentarily and tagging a new version.