Fix hardcoded public key auth negotiation (#294)

tomknig · web-flow · commit 2bfe4260f392 · 2024-06-02T14:15:20.000+02:00
Authentication using RSA public keys was incorrectly hardcoded to use
`ssh-rsa`, i.e., SHA1. This led to public keys set up to use
`rsa-sha2-256` or `rsa-sha2-512` falling back to `ssh-rsa` and being
rejected by modern SSH servers that are configured not to support SHA1
by default.

The solution derives the hash name from the public key instead of
hardcoding it.
diff --git a/russh/src/negotiation.rs b/russh/src/negotiation.rs
@@ -138,13 +138,12 @@ impl Named for () {
 }
 
 use russh_keys::key::ED25519;
-use russh_keys::key::SSH_RSA;
 
 impl Named for PublicKey {
     fn name(&self) -> &'static str {
         match self {
             PublicKey::Ed25519(_) => ED25519.0,
-            PublicKey::RSA { .. } => SSH_RSA.0,
+            PublicKey::RSA { ref hash, .. } => hash.name().0,
             PublicKey::EC { ref key } => key.algorithm(),
         }
     }

Original file line number	Diff line number	Diff line change
`@@ -138,13 +138,12 @@ impl Named for () {`
`138`	`138`	`}`
`139`	`139`
`140`	`140`	`use russh_keys::key::ED25519;`
`141`		`-use russh_keys::key::SSH_RSA;`
`142`	`141`
`143`	`142`	`impl Named for PublicKey {`
`144`	`143`	`fn name(&self) -> &'static str {`
`145`	`144`	`match self {`
`146`	`145`	`PublicKey::Ed25519(_) => ED25519.0,`
`147`		`- PublicKey::RSA { .. } => SSH_RSA.0,`
	`146`	`+ PublicKey::RSA { ref hash, .. } => hash.name().0,`
`148`	`147`	`PublicKey::EC { ref key } => key.algorithm(),`
`149`	`148`	`}`
`150`	`149`	`}`