x/crypto/ssh: host key algorithm selection prefers DSA over ED25519 #51168
Labels
NeedsInvestigation
Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
When a server provides both a DSA host key and an ED25519 host key, the Go ssh library will select DSA instead. But DSA has been deprecated in OpenSSH (and in other libraries, I suppose).
This is because in crypto/ssh/common.go, ED25519 is at the end of
supportedHostKeyAlgos
, which is supposed to be in preference order:The text was updated successfully, but these errors were encountered: