HostKeyEventArgs.HostKeyName has changed in 2023.0.0

[a-jackson]

In the HostKeyReceived event the HostKeyName used to be ssh-rsa but now it is rsa-ssh2-512. It appears this was changed in #1177.

Is this an intentional change because the host key hasn't changed and the fingerprint hasn't changed. ssh -vv hosts the host key with the same name as before, ssh-rsa.

debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-rsa SHA256:f8Hzxi2hS8V+rKQxjyHwUmBcOmK/9A4E3YzMY9oLT+Q

[Rob-Hague]

Intentional, maybe? HostKeyName is not really documented but currently returns the signature format identifier which is usually the same as the key format identifier: the key format identifier for RSA keys is ssh-rsa and the signature format identifier for a SHA1 signature is also ssh-rsa.

1177 tells the server that we would prefer to validate the host key with a SHA2 signature AKA the signature format identifiers rsa-sha2-256 and rsa-sha2-512 which is what your server has given us.

As to whether HostKeyName should return the key format identifier or signature format identifier, I don't really know. What do you use it for?

[a-jackson]

We compare the name, length and fingerprint match against what we expect for each connection to set CanTrust and so with this change the name no longer matches. Probably not really necessary to compare more than the fingerprint though 🤷

[Rob-Hague]

Indeed, the SHA2 fingerprint is enough (HostKeyEventArgs.FingerPrintSHA256). That would be the easiest fix here, until someone willing is convinced HostKeyName should change.