Update russh requirement from 0.49 to 0.50

[dependabot]

Updates the requirements on russh to permit the latest version.

Release notes

Sourced from russh's releases.

v0.50.0

Significant changes

russh_keys merged into russh

• 23cc724: (#450) - the russh_keys crate has been fully merged into russh. If you have been importing from russh::keys, no changes are needed, otherwise remove the russh_keys dependency and replace all use russh_keys imports with use russh::keys.

Native async traits

• 3e04597: (#455) - client::Handler, server::Handler and other traits are now native Rust async traits. In most cases, you can simply remove the #[async_trait] macro from your trait impl. Alternatively, you can enable the async_trait feature, which will turn the traits into #[async_trait]s again. Note that the old async_trait support will be removed soon.

RSA hash negotiation

• 72847a7 / d4d3605: support automatic RSA key hash detection using server-sig-algs extension (#452 / #453)

Russh client now supports the server-sig-algs OpenSSH extension and can automatically select the strongest hash for RSA keys.

You can use russh::client::Handle::best_supported_rsa_hash() to choose the hash.

PrivateKeyWithHashAlg::new is now infallible and will ignore hash_alg for non-RSA keys, so you don't have to build separate logic just for RSA keys:

session.authenticate_publickey(
    user, 
    PrivateKeyWithHashAlg::new(
        Arc::new(key_pair),
        session.best_supported_rsa_hash().await?.unwrap_or(...), // some fallback Option<HashAlg>
    ),
).await?;

If you just want to fall back to SHA1 / ssh-rsa in case the server does not support server-sig-algs:

session.authenticate_publickey(
    user, 
    PrivateKeyWithHashAlg::new(
        Arc::new(key_pair),
        session.best_supported_rsa_hash().await?.flatten(),
    ),
).await?;

ssh-key traits

• ab8aca8: russh has migrated to its own fork of the ssh-key crate, removed bundled workarounds - if you were relying on traits directly imported from ssh_key, you might need to import them from russh::keys::ssh_key instead.

New features

... (truncated)

Commits

• 89fed88 v0.50.0
• 2c6d72b v0.50.0-beta.12
• 3e04597 Native async traits encore (#455) - note: MSRV: 1.75
• 7109917 bump russh for auth rsa hash
• d4d3605 added best_supported_rsa_hash (#453)
• 72847a7 support automatic RSA key hash detection using server-sig-algs extension (#452)
• 4fe938e Send proper algorithm for certificates (#451)
• 7ca359e fmt
• 84b871d v0.50.0-beta.10
• 7c1060f fixed client k-i auth not working as second auth method
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)