commit 9b076918e3c7e908b2bdea932f272a9979f2488a
author Михаил Патин <mixa1243@gmail.com> Sat Feb 12 11:49:26 2022 +0300
committer Filippo Valsorda <filippo@golang.org> Mon Mar 14 23:46:23 2022 +0000
tree aced844529b2773054375b2c16ac011014096187
parent b769efc7c00088ebca9d0597bdc7094f079cac54

ssh: support new curve25519-sha256 kex name

RFC 8731 standardized curve25519-sha256@libssh.org as curve25519-sha256,
and some systems only advertise support for the new name.

Fixes golang/go#48756

Change-Id: Ice35874cd8c07ad48752686ac368bf11ab793f77
Co-authored-by: Filippo Valsorda <filippo@golang.org>
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/385394
Trust: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Trust: Matt Layher <mdlayher@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>

ssh/common.go

diff --git a/ssh/common.go b/ssh/common.go
index ec1f839..ba7052b 100644
--- a/ssh/common.go
+++ b/ssh/common.go
@@ -44,7 +44,7 @@
 // supportedKexAlgos specifies the supported key-exchange algorithms in
 // preference order.
 var supportedKexAlgos = []string{
-	kexAlgoCurve25519SHA256,
+	kexAlgoCurve25519SHA256, kexAlgoCurve25519SHA256LibSSH,
 	// P384 and P521 are not constant-time yet, but since we don't
 	// reuse ephemeral keys, using them for ECDH should be OK.
 	kexAlgoECDH256, kexAlgoECDH384, kexAlgoECDH521,
@@ -61,7 +61,7 @@
 // preferredKexAlgos specifies the default preference for key-exchange algorithms
 // in preference order.
 var preferredKexAlgos = []string{
-	kexAlgoCurve25519SHA256,
+	kexAlgoCurve25519SHA256, kexAlgoCurve25519SHA256LibSSH,
 	kexAlgoECDH256, kexAlgoECDH384, kexAlgoECDH521,
 	kexAlgoDH14SHA1,
 }