OpenSSH migrated the ssh-rsa key type, which historically used the ssh-rsa signature algorithm based on SHA-1, to the new rsa-sha2-256 and rsa-sha2-512 signature algorithms.
x/crypto/ssh was not ready for the key type / signature algorithm mismatch, so it needs a few changes. Moreover, OpenSSH implemented a few mechanisms at the same time to enable the rollout, which we need to assess and expose.
This is a tracking issue for the effort in general. Here's a list of not-duplicate related issues:
We'll also need some tests against OpenSSH proper, like the crypto/tls recorded tests against OpenSSL, since https://golang.org/cl/220037 turned out to be a partial fix.
OpenSSH migrated the
ssh-rsakey type, which historically used thessh-rsasignature algorithm based on SHA-1, to the newrsa-sha2-256andrsa-sha2-512signature algorithms.x/crypto/ssh was not ready for the key type / signature algorithm mismatch, so it needs a few changes. Moreover, OpenSSH implemented a few mechanisms at the same time to enable the rollout, which we need to assess and expose.
This is a tracking issue for the effort in general. Here's a list of not-duplicate related issues:
We'll also need some tests against OpenSSH proper, like the crypto/tls recorded tests against OpenSSL, since https://golang.org/cl/220037 turned out to be a partial fix.