ssh/test: don't use DSA keys in integrations tests, update test RSA key

on RHEL 9 OpenSSH does not support DSA keys and RSA keys with size less
than 2048 bits, furthermore signing with ssh-rsa (SHA-1 signatures) and
ssh-dss is not allowed, therefore:

1) replaced the 1024-bit RSA key used in the test with a new 2048-bit
2) removed DSA key from itegration tests
3) allowed signature errors using ssh-rsa in agent integration tests, we
   also check SHA-2 variants that are not skipped

Fixes golang/go#65581

Change-Id: I54bf997b61ef4d91d38eb624275737ba7291bb20
Reviewed-by: Roland Shoemaker <>
Reviewed-by: David Chase <>
Reviewed-by: Filippo Valsorda <>
Auto-Submit: Nicola Murino <>
LUCI-TryBot-Result: Go LUCI <>
5 files changed
tree: 6eba66106c9e7a7436c8811c5ea352d7e47b8ef6
  1. acme/
  2. argon2/
  3. bcrypt/
  4. blake2b/
  5. blake2s/
  6. blowfish/
  7. bn256/
  8. cast5/
  9. chacha20/
  10. chacha20poly1305/
  11. cryptobyte/
  12. curve25519/
  13. ed25519/
  14. hkdf/
  15. internal/
  16. md4/
  17. nacl/
  18. ocsp/
  19. openpgp/
  20. otr/
  21. pbkdf2/
  22. pkcs12/
  23. poly1305/
  24. ripemd160/
  25. salsa20/
  26. scrypt/
  27. sha3/
  28. ssh/
  29. tea/
  30. twofish/
  31. x509roots/
  32. xtea/
  33. xts/
  34. .gitattributes
  35. .gitignore
  36. codereview.cfg
  38. go.mod
  39. go.sum

Go Cryptography

Go Reference

This repository holds supplementary Go cryptography libraries.


The easiest way to install is to run go get -u You can also manually git clone the repository to $GOPATH/src/

Report Issues / Send Patches

This repository uses Gerrit for code changes. To learn how to submit changes to this repository, see

The main issue tracker for the crypto repository is located at Prefix your issue with “x/crypto:” in the subject line, so it is easy to find.

Note that contributions to the cryptography package receive additional scrutiny due to their sensitive nature. Patches may take longer than normal to receive feedback.