raskey.py is hardcoded with "ssh-rsa" in places where we need support for rsa-sha2-256 and other versions

[aswanidutt]

No description provided.

[aswanidutt]

here: def asbytes(self):
m = Message()
m.add_string("ssh-rsa") # need to be able to choose different versions of sha
m.add_mpint(self.public_numbers.e)
m.add_mpint(self.public_numbers.n)
return m.asbytes()

[jun66j5]

No. That code should be correct. Please describe the details if you encounter an issue with the latest version of paramiko.

[aswanidutt]

when we create a cert and try to sign it using paramiko, its not giving us option to sign the cert with SHA2 its hardcoded to sign and verify only with SHA1(ssh-rsa), though it has mentioned the different algorithms(Hashes) in that file
HASHES = {
"ssh-rsa": hashes.SHA1,
"ssh-rsa-cert-v01@openssh.com": hashes.SHA1,
"rsa-sha2-256": hashes.SHA256,
"rsa-sha2-256-cert-v01@openssh.com": hashes.SHA256,
"rsa-sha2-512": hashes.SHA512,
"rsa-sha2-512-cert-v01@openssh.com": hashes.SHA512,
}
its hard coded in the line 95 to "ssh-rsa", because of this we are unable to sign(verify after the signing part) for the cert.
I am talking about the file rsakey.py file

[jun66j5]

I've posted PR #1977 to fix publickey authentication with signed RSA key. Try it. See also #1963.

I believe the asbytes() is correct.

[11chri]

@jun66j5 I just checked your PR on Paramiko 2.9.2 and it fixes #1963

[aswanidutt]

I dont see the change of m.add_string("ssh-rsa") to
m.add_string(algorithm) in the rsakey.py file, it is not reflected in the version 2.10.1.
though its there in the change 363a28d

[bitprophet]

Jun's fix from #1977 will be out in 2.9.3 and 2.10.3.