upstream: include SHA2-variant RSA key algorithms in KEX proposal;

allows ssh-keyscan to harvest keys from servers that disable olde SHA1
ssh-rsa. bz#3029 from Jakub Jelen

OpenBSD-Commit-ID: 9f95ebf76a150c2f727ca4780fb2599d50bbab7a

diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index d95ba1b37f3212a6db48baec384881f444fd7226..d383b57b9e351c0b2ffafcc8b01335b42870c10d 100644 (file)
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keyscan.c,v 1.128 2019/06/28 13:35:04 deraadt Exp $ */
+/* $OpenBSD: ssh-keyscan.c,v 1.129 2019/07/12 04:08:39 djm Exp $ */
 /*
  * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
  *
@@ -233,7 +233,12 @@ keygrab_ssh2(con *c)
                break;
        case KT_RSA:
                myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?
-                   "ssh-rsa-cert-v01@openssh.com" : "ssh-rsa";
+                   "rsa-sha2-512-cert-v01@openssh.com,"
+                   "rsa-sha2-256-cert-v01@openssh.com,"
+                   "ssh-rsa-cert-v01@openssh.com" :
+                   "rsa-sha2-512,"
+                   "rsa-sha2-256,"
+                   "ssh-rsa";
                break;
        case KT_ED25519:
                myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?