Relax RSA signature check
Buggy SSH clients, such as gpg-agent v2.2.4 and OpenSSH v7.6 shipped in Ubuntu 18.04, may send ssh-rsa-512
as the public key algorithm but actually include a rsa-sha
signature.
According to https://datatracker.ietf.org/doc/html/rfc8332#section-3.2:
A server MAY, but is not required to, accept this variant or another variant that corresponds to a good-faith implementation and is considered safe to accept.
We relax this constraint: if the SSH_MSG_USERAUTH_REQUEST
message includes an RSA public key, then we allow any of the following signature types:
rsa-sha-512
rsa-sha-256
rsa-sha
This is what OpenSSH does.
Relates to https://github.com/golang/go/issues/53391
Edited by Stan Hu