From 2b53e462dd77fd41978e05a6dff475c999e7424e Mon Sep 17 00:00:00 2001
From: Rob Hague
Date: Thu, 28 Dec 2023 19:55:07 +0000
Subject: [PATCH] Authenticate with ssh-rsa by default (#1283)
---
 src/Renci.SshNet/PrivateKeyFile.cs | 6 +++---
 .../Classes/Common/HostKeyEventArgsTest.cs | 2 +-
 test/Renci.SshNet.Tests/Classes/PrivateKeyFileTest.cs | 8 +++++---
 3 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/src/Renci.SshNet/PrivateKeyFile.cs b/src/Renci.SshNet/PrivateKeyFile.cs
index a93ffb195..9f6d728bc 100644
--- a/src/Renci.SshNet/PrivateKeyFile.cs
+++ b/src/Renci.SshNet/PrivateKeyFile.cs
@@ -250,11 +250,11 @@ private void Open(Stream privateKey, string passPhrase)
 case "RSA":
 var rsaKey = new RsaKey(decryptedData);
 _key = rsaKey;
+ _hostAlgorithms.Add(new KeyHostAlgorithm("ssh-rsa", _key));
 #pragma warning disable CA2000 // Dispose objects before losing scope
 _hostAlgorithms.Add(new KeyHostAlgorithm("rsa-sha2-512", _key, new RsaDigitalSignature(rsaKey, HashAlgorithmName.SHA512)));
 _hostAlgorithms.Add(new KeyHostAlgorithm("rsa-sha2-256", _key, new RsaDigitalSignature(rsaKey, HashAlgorithmName.SHA256)));
 #pragma warning restore CA2000 // Dispose objects before losing scope
- _hostAlgorithms.Add(new KeyHostAlgorithm("ssh-rsa", _key));
 break;
 case "DSA":
 _key = new DsaKey(decryptedData);
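Review bot: The ordering this hunk establishes is security-relevant but is not documented where it is set: `ssh-rsa` is the SHA-1 signature form of the key (rsa-sha2-256/512 were introduced to replace it), and moving that line to the top makes it the algorithm tried first by default per the commit's own test comment, yet the only rationale lives in PrivateKeyFileTest.cs. Add a why-comment on the moved line, e.g. `// Listed first so it is attempted first by default; SHA-1 signature kept for server compatibility (see #1233).` The same three-line sequence is now repeated verbatim in the hunks at -268 and -337, so the three parsers can drift apart again; a small private helper that builds the list in one place would keep the order and the comment together. Open() starts and ends outside this hunk.
```csharp
// Order matters: the first entry is the one attempted first by default (see #1233).
// ssh-rsa (SHA-1 signature) is kept ahead of rsa-sha2-* for server compatibility.
private void AddRsaHostAlgorithms(RsaKey rsaKey)
{
    _hostAlgorithms.Add(new KeyHostAlgorithm("ssh-rsa", rsaKey));
#pragma warning disable CA2000 // Dispose objects before losing scope
    _hostAlgorithms.Add(new KeyHostAlgorithm("rsa-sha2-512", rsaKey, new RsaDigitalSignature(rsaKey, HashAlgorithmName.SHA512)));
    _hostAlgorithms.Add(new KeyHostAlgorithm("rsa-sha2-256", rsaKey, new RsaDigitalSignature(rsaKey, HashAlgorithmName.SHA256)));
#pragma warning restore CA2000 // Dispose objects before losing scope
}
// … unchanged: each RSA branch in Open() then calls AddRsaHostAlgorithms(...) after assigning _key …
```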
@@ -268,11 +268,11 @@ private void Open(Stream privateKey, string passPhrase)
 _key = ParseOpenSshV1Key(decryptedData, passPhrase);
 if (_key is RsaKey parsedRsaKey)
 {
+ _hostAlgorithms.Add(new KeyHostAlgorithm("ssh-rsa", _key));
 #pragma warning disable CA2000 // Dispose objects before losing scope
 _hostAlgorithms.Add(new KeyHostAlgorithm("rsa-sha2-512", _key, new RsaDigitalSignature(parsedRsaKey, HashAlgorithmName.SHA512)));
 _hostAlgorithms.Add(new KeyHostAlgorithm("rsa-sha2-256", _key, new RsaDigitalSignature(parsedRsaKey, HashAlgorithmName.SHA256)));
 #pragma warning restore CA2000 // Dispose objects before losing scope
- _hostAlgorithms.Add(new KeyHostAlgorithm("ssh-rsa", _key));
 }
 else
 {
@@ -337,11 +337,11 @@ private void Open(Stream privateKey, string passPhrase)
 var p = reader.ReadBigIntWithBits(); // q
 var decryptedRsaKey = new RsaKey(modulus, exponent, d, p, q, inverseQ);
 _key = decryptedRsaKey;
+ _hostAlgorithms.Add(new KeyHostAlgorithm("ssh-rsa", _key));
 #pragma warning disable CA2000 // Dispose objects before losing scope
 _hostAlgorithms.Add(new KeyHostAlgorithm("rsa-sha2-512", _key, new RsaDigitalSignature(decryptedRsaKey, HashAlgorithmName.SHA512)));
 _hostAlgorithms.Add(new KeyHostAlgorithm("rsa-sha2-256", _key, new RsaDigitalSignature(decryptedRsaKey, HashAlgorithmName.SHA256)));
 #pragma warning restore CA2000 // Dispose objects before losing scope
- _hostAlgorithms.Add(new KeyHostAlgorithm("ssh-rsa", _key));
 }
 else if (keyType == "dl-modp{sign{dsa-nist-sha1},dh{plain}}")
 {
diff --git a/test/Renci.SshNet.Tests/Classes/Common/HostKeyEventArgsTest.cs b/test/Renci.SshNet.Tests/Classes/Common/HostKeyEventArgsTest.cs
index f3d0ae55b..84d899f8c 100644
--- a/test/Renci.SshNet.Tests/Classes/Common/HostKeyEventArgsTest.cs
+++ b/test/Renci.SshNet.Tests/Classes/Common/HostKeyEventArgsTest.cs
@@ -88,7 +88,7 @@ private static KeyHostAlgorithm GetKeyHostAlgorithm()
 using (var s = GetData("Key.RSA.txt"))
 {
 var privateKey = new PrivateKeyFile(s);
- return (KeyHostAlgorithm)privateKey.HostKeyAlgorithms.First();
+ return (KeyHostAlgorithm)privateKey.HostKeyAlgorithms.Single(x => x.Name == "rsa-sha2-512");
 }
 }
diff --git a/test/Renci.SshNet.Tests/Classes/PrivateKeyFileTest.cs b/test/Renci.SshNet.Tests/Classes/PrivateKeyFileTest.cs
index c536dc5c1..dfd02044a 100644
--- a/test/Renci.SshNet.Tests/Classes/PrivateKeyFileTest.cs
+++ b/test/Renci.SshNet.Tests/Classes/PrivateKeyFileTest.cs
@@ -687,9 +687,11 @@ private static void TestRsaKeyFile(PrivateKeyFile rsaPrivateKeyFile)
 var algorithms = rsaPrivateKeyFile.HostKeyAlgorithms.ToList();
- Assert.AreEqual("rsa-sha2-512", algorithms[0].Name);
- Assert.AreEqual("rsa-sha2-256", algorithms[1].Name);
- Assert.AreEqual("ssh-rsa", algorithms[2].Name);
+ // ssh-rsa should be attempted first during authentication by default.
+ // See https://github.com/sshnet/SSH.NET/issues/1233#issuecomment-1871196405
+ Assert.AreEqual("ssh-rsa", algorithms[0].Name);
+ Assert.AreEqual("rsa-sha2-512", algorithms[1].Name);
+ Assert.AreEqual("rsa-sha2-256", algorithms[2].Name);
 }
 }
 }
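Review bot: The three index-based assertions in the PrivateKeyFileTest.cs hunk verify the order one element at a time, so a regression reports only the first mismatching name rather than the actual sequence, and an extra or missing entry is not caught at all. A single sequence assertion states the intended order in one place and prints the whole actual list on failure: `CollectionAssert.AreEqual(new[] { "ssh-rsa", "rsa-sha2-512", "rsa-sha2-256" }, algorithms.Select(a => a.Name).ToList());`. The comment above the assertions is currently the only record of why ssh-rsa comes first; it belongs alongside the code in PrivateKeyFile.cs that builds the list, with the test referring to it. TestRsaKeyFile starts before this hunk.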