Disable ssh-rsa (RSA/SHA1) signature scheme by default

[norrisjeremy]

OpenSSH has stated in the release notes for version 8.7 that they will finally disable the ssh-rsa (RSA/SHA1) signature scheme by default in their next release (see openssh/openssh-portable@2344750).

Since SHA-1 is no longer considered cryptographically secure, I think we should follow suit at some point in the near future, so that JSch provides sensible defaults that are aligned with general security practices.

This would not unequivocally disable the use of ssh-rsa type keys themselves, as they can still be utilized with the rsa-sha2-256 (RSA/SHA256) & rsa-sha2-512 (RSA/SHA512) signature schemes.

Additionally users would still be able to programmatically reenable the ssh-rsa (RSA/SHA1) signature scheme if needed via the server_host_key & PubkeyAcceptedAlgorithms config options (or jsch.server_host_key & jsch.client_pubkey system properties).

[norrisjeremy]

FYI, OpenSSH version 8.8 was released last week and includes the change to disable ssh-rsa (RSA/SHA1) signatures by default.

[norrisjeremy]

@mwiede What are your thoughts on disabling RSA/SHA1 by default to follow OpenSSH's lead?

[mwiede]

@norrisjeremy yes, we should do it with one of the next releases. We should prepare a little more information, that this change might affect many users with old systems.
Maybe we think about making a 0.2.x version to express that "major" change. I always thought about changing the versioning to make it more visible, that this library has its own lifecycle.

[norrisjeremy]

Ok, changing the version number to something like 0.2.x sounds like a good idea when we make this change.

[mwiede]

Interesting blog post on this topic from github https://github.blog/2021-09-01-improving-git-protocol-security-github/