<div dir="ltr"><div dir="ltr">Hello Patrick, thanks.<br clear="all"><div><div dir="ltr" class="gmail_signature"><br></div></div></div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">For a curl question, you better use the <br>
<a href="https://lists.haxx.se/listinfo/curl-library" rel="noreferrer" target="_blank">https://lists.haxx.se/listinfo/curl-library</a> mailing list.<br>
<br></blockquote><div>Yes, I'm also writing to curl's mailing list.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
In libssh2 (and ssh in general) rsa-sha2-256 and rsa-sha2-512 reuse the <br>
normal ssh-rsa keys: only the signature algorithm and hash size change <br>
and do not require a key change. See <br>
<a href="https://www.rfc-editor.org/rfc/rfc8332#section-3" rel="noreferrer" target="_blank">https://www.rfc-editor.org/rfc/rfc8332#section-3</a> and <br>
<a href="https://ikarus.sg/rsa-is-not-dead/" rel="noreferrer" target="_blank">https://ikarus.sg/rsa-is-not-dead/</a></blockquote><div><br></div><div>OK, I see. </div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">libssh2 supports rsa-sha2-256 and rsa-sha2-512 if the compiled-in tls <br>
backend implements them (currently all but libgcrypt). Their use is <br>
decided at run-time after negotiation with the server (that should also <br>
support them of course!) See <br>
<a href="https://www.rfc-editor.org/rfc/rfc8332#section-3.3" rel="noreferrer" target="_blank">https://www.rfc-editor.org/rfc/rfc8332#section-3.3</a></blockquote><div><br></div><div>I'm using OpenSSL, which is also the default. So it should work.</div><div><br></div><div>Is it possible that <span style="color:rgb(0,0,0);font-size:13.3333px">server-sig-algs is somehow not supported by the server (sshd)?</span></div><div><br></div><div>Why did curl/libssh2 offer:</div><div><br></div><div>Unable to negotiate with 127.0.0.1 port 43382: no matching host key type found. Their offer: ssh-rsa [preauth] </div><div><br></div><div>It makes sense that <span style="color:rgb(0,0,0);font-size:13.3333px">server-sig-algs was not supported by the server and libssh2 dropped down to ssh-rsa to avoid the penalization.</span></div><div><span style="color:rgb(0,0,0);font-size:13.3333px"><br></span></div><div><span style="color:rgb(0,0,0);font-size:13.3333px">This hypothesis makes sense, but how do I enable the </span><span style="color:rgb(0,0,0);font-size:13.3333px">server-sig-algs extension in sshd?</span></div></div></div>