Possible issue with negotiating rsa-sha2-512

[fmeum]

Steps to reproduce:

1. Set configured key algorithms to contain KeyAlgorithms.RSASHA256().
2. Try to connect to github.com (or bitbucket.org).
3. The following exception (truncated to the part that is sshj-related) is thrown:

     Caused by: net.schmizz.sshj.transport.TransportException: Expected 'rsa-sha2-256' key algorithm, but got: ssh-rsa
        at net.schmizz.sshj.transport.TransportException$1.chain(TransportException.java:33)
        at net.schmizz.sshj.transport.TransportException$1.chain(TransportException.java:27)
        at net.schmizz.concurrent.Promise.deliverError(Promise.java:95)
        at net.schmizz.concurrent.Event.deliverError(Event.java:74)
        at net.schmizz.concurrent.ErrorDeliveryUtil.alertEvents(ErrorDeliveryUtil.java:34)
        at net.schmizz.sshj.transport.KeyExchanger.notifyError(KeyExchanger.java:398)
        at net.schmizz.sshj.transport.TransportImpl.die(TransportImpl.java:613)
        at net.schmizz.sshj.transport.Reader.run(Reader.java:66)
     Caused by: net.schmizz.sshj.common.SSHException: Expected 'rsa-sha2-256' key algorithm, but got: ssh-rsa
        at net.schmizz.sshj.common.SSHException$1.chain(SSHException.java:36)
        at net.schmizz.sshj.common.SSHException$1.chain(SSHException.java:29)
        at net.schmizz.sshj.transport.TransportImpl.die(TransportImpl.java:608)
        at net.schmizz.sshj.transport.Reader.run(Reader.java:66) 
     Caused by: net.schmizz.sshj.common.SSHRuntimeException: Expected 'rsa-sha2-256' key algorithm, but got: ssh-rsa
        at net.schmizz.sshj.signature.AbstractSignature.extractSig(AbstractSignature.java:107)
        at net.schmizz.sshj.signature.SignatureRSA.verify(SignatureRSA.java:119)
        at net.schmizz.sshj.transport.kex.AbstractDHG.next(AbstractDHG.java:85)
        at net.schmizz.sshj.transport.KeyExchanger.handle(KeyExchanger.java:370)
        at net.schmizz.sshj.transport.TransportImpl.handle(TransportImpl.java:514)
        at net.schmizz.sshj.transport.Decoder.decodeMte(Decoder.java:159)
        at net.schmizz.sshj.transport.Decoder.decode(Decoder.java:79)
        at net.schmizz.sshj.transport.Decoder.received(Decoder.java:231)
        at net.schmizz.sshj.transport.Reader.run(Reader.java:60)

When using KeyAlgorithms.SSHRSA() or the 0.29.0 release, everything works fine.

It seems that GitHub is sending an ssh-rsa signature in the key exchange even though sshj believes that it successfully negotiated rsa-sha2-256 as the server host key signature algorithm. When connecting to GitHub with OpenSSH, it successfully negotiates rsa-sha2-512, so this is not simply due to missing support on GitHub.

[fmeum]

This turned out to be a spec deviation by GitHub's SSH server implementation: They send ssh-rsa signatures even though rsa-sha2-512 was negotiated if the client does not indicate support for SSH_MSG_EXT_INFO by offering the (fake) kex algorithm ext-info-c. This violates https://tools.ietf.org/html/rfc8332#section-3.1.

Since working around this issue is quite simple and should improve overall compatibility, I have created #622.