SSH RSA public keys are not correctly negotiated
The SFTP client does not handle rsa-sha2 host keys correctly during the algorithm negotiation.
Instead of sending the key's algorithm, it sends the key type (aka ssh-rsa).
But ssh-rsa is also the name of the old RSA algorithm based on SHA1, which was deprecated by most applications because it is insecure.
Thus, when the SFTP client tries to connect to a third party which uses an RSA key, the negotiation fails because the server assumes
that the client is trying to use an insecure algorithm (even though it isn't).
This should be fixed by making it so that when the client expects an RSA hostkey, it properly declares all the RSA algorithms
it supports (meaning rsa-sha2-256 and rsa-sha2-512), on top of ssh-rsa.
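
The sketch below is an added example, not the SFTP client's own code: it models the negotiation described above and shows why offering only the key type fails against a server that has disabled SHA-1, while the expanded offer succeeds. The function names, the preference order (SHA-2 first) and the sample server list are assumptions made for illustration.

```python
# Added example (not the client's code). Names and preference order are assumptions.
# RFC 8332: an RSA key keeps the key type "ssh-rsa", but can be used with three
# signature algorithms, and KEXINIT carries algorithm names, not key types.
ALGORITHMS_FOR_KEY_TYPE = {
    "ssh-rsa": ["rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"],
    "ssh-ed25519": ["ssh-ed25519"],
}
RSA_SHA2 = ("rsa-sha2-256", "rsa-sha2-512")


def buggy_offer(expected_key_type):
    """Behaviour described in the report: the key type is sent as the algorithm."""
    return [expected_key_type]


def fixed_offer(expected_key_type, client_supported):
    """Offer every algorithm the client supports for the expected key type."""
    candidates = ALGORITHMS_FOR_KEY_TYPE.get(expected_key_type, [expected_key_type])
    offer = [alg for alg in candidates if alg in client_supported]
    if not offer:
        raise ValueError("no supported algorithm for key type " + expected_key_type)
    return offer


def negotiate(client_offer, server_offer):
    """RFC 4253 section 7.1 (simplified): first client name the server also lists."""
    return next((alg for alg in client_offer if alg in server_offer), None)


def key_type_of(algorithm):
    """Key type to compare with the stored host key after negotiation."""
    return "ssh-rsa" if algorithm in RSA_SHA2 else algorithm


# Constructed sample: a server that has disabled SHA-1 signatures.
SERVER_OFFER = ["rsa-sha2-512", "rsa-sha2-256", "ssh-ed25519"]
CLIENT_SUPPORTED = {"rsa-sha2-512", "rsa-sha2-256", "ssh-rsa", "ssh-ed25519"}

if __name__ == "__main__":
    print("buggy:", negotiate(buggy_offer("ssh-rsa"), SERVER_OFFER))
    chosen = negotiate(fixed_offer("ssh-rsa", CLIENT_SUPPORTED), SERVER_OFFER)
    print("fixed:", chosen, "-> key type", key_type_of(chosen))
```

After negotiation the host key blob still carries the key type ssh-rsa, so the stored host key is matched on key type (`key_type_of`), not on the negotiated algorithm name.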