Authenticate with ssh-rsa by default #1283
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
... to appease servers which disconnect rather than send SSH_MSG_USERAUTH_FAILURE when they do not support sha2 signatures for client authentication (and who may or may not have otherwise sent the server-sig-algs extension which we do not currently implement).
It will still use a sha2 signature if the server does not allow ssh-rsa and sends SSH_MSG_USERAUTH_FAILURE. I would think a server which disables ssh-rsa would be more friendly/compliant than those which disconnect rather than sending SSH_MSG_USERAUTH_FAILURE (i.e. the risk of the opposite now happening, where a server disconnects on receiving ssh-rsa, is low - it is going back to the behaviour as before #1177).
See #1233 (comment) for further discussion
Fixes #1233