ssh: support new curve25519-sha256 kex name

RFC 8731 standardized curve25519-sha256@libssh.org as curve25519-sha256,
and some systems only advertise support for the new name.

Fixes golang/go#48756

Change-Id: Ice35874cd8c07ad48752686ac368bf11ab793f77
Co-authored-by: Filippo Valsorda <filippo@golang.org>
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/385394
Trust: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Trust: Matt Layher <mdlayher@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
diff --git a/ssh/common.go b/ssh/common.go
index ec1f839..ba7052b 100644
--- a/ssh/common.go
+++ b/ssh/common.go
@@ -44,7 +44,7 @@
 // supportedKexAlgos specifies the supported key-exchange algorithms in
 // preference order.
 var supportedKexAlgos = []string{
-	kexAlgoCurve25519SHA256,
+	kexAlgoCurve25519SHA256, kexAlgoCurve25519SHA256LibSSH,
 	// P384 and P521 are not constant-time yet, but since we don't
 	// reuse ephemeral keys, using them for ECDH should be OK.
 	kexAlgoECDH256, kexAlgoECDH384, kexAlgoECDH521,
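Review bot: The added line in supportedKexAlgos lists two names without saying that they select the same key exchange, so someone auditing the advertised algorithms can read them as two separate primitives. A comment above it would settle that, for example `// curve25519-sha256 (RFC 8731) and curve25519-sha256@libssh.org name the same exchange; the standardized name is listed first in preference order.` The identical line added to preferredKexAlgos in the next hunk needs the same comment. The constant definitions are outside this diff, so which identifier carries which wire name is inferred from the commit message and should be checked against them, along with whether both advertised names resolve to an implementation. The slice literal continues past the end of this hunk.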
@@ -61,7 +61,7 @@
 // preferredKexAlgos specifies the default preference for key-exchange algorithms
 // in preference order.
 var preferredKexAlgos = []string{
-	kexAlgoCurve25519SHA256,
+	kexAlgoCurve25519SHA256, kexAlgoCurve25519SHA256LibSSH,
 	kexAlgoECDH256, kexAlgoECDH384, kexAlgoECDH521,
 	kexAlgoDH14SHA1,
 }