When a server provides both a DSA host key and an ED25519 host key, the Go ssh library will select DSA instead. But DSA has been deprecated in OpenSSH (and in other libraries, I suppose).
This is because in crypto/ssh/common.go, ED25519 is at the end of supportedHostKeyAlgos, which is supposed to be in preference order:
```go
var supportedHostKeyAlgos = []string{
	CertSigAlgoRSASHA2512v01, CertSigAlgoRSASHA2256v01,
	CertSigAlgoRSAv01, CertAlgoDSAv01, CertAlgoECDSA256v01,
	CertAlgoECDSA384v01, CertAlgoECDSA521v01, CertAlgoED25519v01,
	KeyAlgoECDSA256, KeyAlgoECDSA384, KeyAlgoECDSA521,
	SigAlgoRSASHA2512, SigAlgoRSASHA2256,
	SigAlgoRSA, KeyAlgoDSA,
	KeyAlgoED25519, // <-- lowest preference, unlike the other algo list constants that place ED25519 much higher
}
```
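The following is an added example, not part of the original issue and not code from the Go ssh library. It reproduces the selection described above using only the standard library: the client's preference list is walked in order and the first algorithm the server also offers wins. The server list and `hardenedOrder` are constructed for illustration, and certificate algorithms are left out.

```go
package main

import "fmt"

// Wire names of the plain (non-certificate) host key algorithms from the
// list quoted in the issue, in the same relative order.
var issueOrder = []string{
	"ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
	"rsa-sha2-512", "rsa-sha2-256",
	"ssh-rsa", "ssh-dss",
	"ssh-ed25519",
}

// Hypothetical reordering for illustration: Ed25519 first, DSA removed.
var hardenedOrder = []string{
	"ssh-ed25519",
	"ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
	"rsa-sha2-512", "rsa-sha2-256",
}

// negotiate applies the basic RFC 4253 section 7.1 rule: the chosen algorithm
// is the first entry in the client's list that the server also offers.
// (The key-exchange compatibility requirements of the RFC are not modelled.)
func negotiate(client, server []string) (string, error) {
	offered := make(map[string]bool, len(server))
	for _, a := range server {
		offered[a] = true
	}
	for _, a := range client {
		if offered[a] {
			return a, nil
		}
	}
	return "", fmt.Errorf("no common host key algorithm")
}

func main() {
	// Constructed server that offers only a DSA and an Ed25519 host key.
	server := []string{"ssh-ed25519", "ssh-dss"}
	for _, client := range [][]string{issueOrder, hardenedOrder} {
		algo, err := negotiate(client, server)
		fmt.Println(algo, err) // issueOrder selects ssh-dss, hardenedOrder selects ssh-ed25519
	}
}
```

A client using golang.org/x/crypto/ssh can supply its own order through the `HostKeyAlgorithms` field of `ssh.ClientConfig` instead of relying on the library default.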