Set flag on RSA keys of deprecated RSA SHA1 support when loading
keys based on server version of the transport. This ensures keys
are properly flagged. Flag name has been updated to provide context
on usage.
Version matching on the OpenSSH server version has also been updated
to handle customized naming in the version string (as seen in the
Windows port) and to properly handle when no match is found.
Fixes#12344#12408#12381
Keep the constraint on net-ssh tight so we can be confident that the
patching will be successful and that a net-ssh release won't inadvertently
cause our local updates to become non-functional.
Fix patch to only update the behavior for RSA based keys when the server
is recent enough to include the signature changes
Modifies `OpenSSL::PKey::RSA` to provide a `#signature_algorithm`
method which provides the signature algorithm value expected by
OpenSSH. The `#ssh_do_sign` method is updated to use the set
algorithm (SHA256) and `#to_blob` is updated to include the
signature algorithm instead of the key type.
To prevent resolution issues with the introduction
of a prerelease constraint, update the net-ssh constraint
to be a minimum at the latest release. Include monkey
patches to include support for wanted host key algos.
The monkey patches are only applied to the latest
net-ssh currently and will be ignored once the current
prerelease has been fully released.
