Reject unsupported key types instead of failing (#352)

nbdd0121 · web-flow · commit f587d13a6dce · 2024-09-22T11:26:52.000+02:00
Currently russh doesn't support ED25519/ECDSA-SK keys, but OpenSSH will
attempt to use them anyway. Key parse will then fail, killing the
session.

This should be treated as-if auth_publickey_offered rejects the key.
diff --git a/russh/src/server/encrypted.rs b/russh/src/server/encrypted.rs
@@ -519,7 +519,9 @@ impl Encrypted {
                     Ok(())
                 }
             }
-            Err(russh_keys::Error::CouldNotReadKey) | Err(russh_keys::Error::KeyIsCorrupt) => {
+            Err(russh_keys::Error::CouldNotReadKey)
+            | Err(russh_keys::Error::KeyIsCorrupt)
+            | Err(russh_keys::Error::UnsupportedKeyType { .. }) => {
                 reject_auth_request(until, &mut self.write, auth_request).await;
                 Ok(())
             }

Original file line number	Diff line number	Diff line change
`@@ -519,7 +519,9 @@ impl Encrypted {`
`519`	`519`	`Ok(())`
`520`	`520`	`}`
`521`	`521`	`}`
`522`		`- Err(russh_keys::Error::CouldNotReadKey) \| Err(russh_keys::Error::KeyIsCorrupt) => {`
	`522`	`+ Err(russh_keys::Error::CouldNotReadKey)`
	`523`	`+ \| Err(russh_keys::Error::KeyIsCorrupt)`
	`524`	`+ \| Err(russh_keys::Error::UnsupportedKeyType { .. }) => {`
`523`	`525`	`reject_auth_request(until, &mut self.write, auth_request).await;`
`524`	`526`	`Ok(())`
`525`	`527`	`}`