Added rsa-sha-xxx key sig support

[Eugeny]

Sign SSH_MSG_USERAUTH_REQUEST with rsa-sha256 / rsa-sha512 if the server advertises support for either in serverHostKey

Fixes #989

[alanhg]

Hope to be merged soon

[Badestrand]

Any progress here? Sorry, I don't want to sound rude, I am just in need of this fix 😃

[mscdex]

No, I haven't had time to re-review the whole situation in light of this as far as finding the best solution going forward.

[Badestrand]

Hmm I understand. Especially if you are looking to find a generalized solution that covers all cases, especially The RFCs mention that if the server doesn't send a signature algorithm list or doesn't support the extension negotiation mechanism at all.

However in this pull request I think only the very specific case is covered where the user gave a ssh-rsa and the server asks for a rsa-sha2-256/512 key.

So this pull request doesn't cover the entire problem BUT it might cover 80% of all problematic use cases that we have today. I mean, right now one can not even connect to a standard Ubuntu 22.04 box, and that would be solved by the PR. We could merge the pull request and leave the rest of the problem, like an empty or omitted algo list, for later.

[gpetrov]

Yes @mscdex please consider merging this pr asap as ssh2 can't currently connect to all new Ubuntu 22 installs while regular ssh have no problems at all. So it is a big issue for us.

[kirill-ivlev]

@mscdex any updates or plans on this PR?

[mscdex]

@kirill-ivlev No, nothing has changed since my previous comment.

[Badestrand]

For everyone looking for a solution in the meantime, I forked this repo, applied this pull request and published it on npm as ssh2-fix-1200.

So you can do

npm uninstall --save ssh2
npm install --save ssh2-1200-fix

and in your code change import SSH2 from 'ssh2' to import SSH2 from 'ssh2-1200-fix'.

You can easily change it back later when the main repository here is updated.

[thimpat]

Hi @Badestrand,

The module ssh2-1200-fix seems to work with the latest Ubuntu versions (The original module fails).
However, no license file prevents binding the module to other projects. Will you update the module with a license file? It would be great if that was possible. Thank you.

[dalisoft]

Could be nice to this module/PR merged

[zWingz]

I have the same problem. Hope to be merged soon

[addaleax]

@mscdex Would it be acceptable to merge this if it was behind an opt-in flag? It would be very nice to see something along these lines happen as newer OpenSSH server versions see broader adoption.

[mscdex]

Please see my comment here.