Remove hard-coded SSH supported algorithms

x/crypto/ssh now supports a list of default supported algorithms, and LabKit provides a mechanism to configure gitlab-shell to use FIPS-compliant algorithms (labkit!207 (merged)). Use these as defaults instead of the hard-coded values.

With the default configuration (no algorithms explicitly configured), ssh-audit shows:

Removed weak algorithms:

  • diffie-hellman-group14-sha1 was removed (this was flagged as using a weak hashing algorithm)

Added stronger key exchange algorithms:

  • mlkem768x25519-sha256 - A new post-quantum cryptographic algorithm
  • diffie-hellman-group16-sha512 - Stronger than the group14 variants
  • diffie-hellman-group-exchange-sha256 (2048-bit) - Provides additional flexibility

The changes represent a security improvement over the previous hard-coded values.

What stayed the same:

  • Host-key algorithms (still have the same security issues with weak elliptic curves)
  • Encryption algorithms (ciphers)
  • Message authentication codes
  • The problematic NIST curves (nistp256, nistp384, nistp521) remain
  • Same fingerprints, indicating the same server identity

Both audits still flag the same core problems:

  • Weak elliptic curves (NIST P-curves)
  • Weak ECDSA host key
  • Encrypt-and-MAC mode usage
  • Legacy ssh-rsa algorithm

ssh-audit-after.txt

ssh-audit-before.txt
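As an added example (not code from this MR or from gitlab-shell), a small Go program that diffs the advertised key-exchange list before and after the change and re-applies the ssh-audit findings listed above to whatever remains; the two algorithm lists and the substring rules are constructed from the MR text, not captured from ssh-audit.

```go
package main

import (
	"fmt"
	"slices"
	"strings"
)

// Flag returns the ssh-audit complaints quoted in the MR that match alg (rules constructed here).
func Flag(alg string) (reasons []string) {
	if strings.HasSuffix(alg, "-sha1") || alg == "ssh-rsa" { // weak hash / legacy ssh-rsa
		reasons = append(reasons, "uses SHA-1")
	}
	if strings.Contains(alg, "nistp") {
		reasons = append(reasons, "NIST P-curve")
	}
	if strings.HasPrefix(alg, "hmac-") && !strings.HasSuffix(alg, "-etm@openssh.com") {
		reasons = append(reasons, "encrypt-and-MAC")
	}
	return reasons
}

// Missing returns entries of xs that ys does not advertise, in xs order (before vs after = removed).
func Missing(xs, ys []string) (out []string) {
	for _, x := range xs {
		if !slices.Contains(ys, x) {
			out = append(out, x)
		}
	}
	return out
}

// KEX lists constructed from the MR text, not a captured audit: the previously
// hard-coded set and the x/crypto/ssh default set used in its place.
var (
	KexHardcoded = []string{"curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256",
		"ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "diffie-hellman-group14-sha256", "diffie-hellman-group14-sha1"}
	KexDefault = []string{"mlkem768x25519-sha256", "curve25519-sha256", "curve25519-sha256@libssh.org",
		"ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "diffie-hellman-group-exchange-sha256",
		"diffie-hellman-group16-sha512", "diffie-hellman-group14-sha256"}
)

func main() {
	fmt.Println("removed:", Missing(KexHardcoded, KexDefault))
	fmt.Println("added:  ", Missing(KexDefault, KexHardcoded))
	for _, alg := range KexDefault { // what ssh-audit will still flag after the change
		if r := Flag(alg); r != nil {
			fmt.Printf("still flagged: %s (%s)\n", alg, strings.Join(r, ", "))
		}
	}
}
```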

FIPS

For FIPS, the changes are much more restrictive. The following key exchanges have been dropped by default:

  • curve25519-sha256
  • curve25519-sha256@libssh.org
  • ecdh-sha2-nistp521 - The 521-bit NIST curve
  • diffie-hellman-group14-sha256
  • diffie-hellman-group14-sha1

Encryption algorithms lost:

MAC algorithms dropped:

  • hmac-sha1

ssh-audit-after-fips.txt

ssh-audit-before-fips.txt

Relates to #821 (closed)

Edited by Stan Hu
