Update Rust crate russh-keys to 0.49.2

[oxide-renovate]

This PR contains the following updates:

Package	Type	Update	Change
russh-keys	dependencies	minor	0.45.0 → 0.49.2

---

Release Notes

warp-tech/russh (russh-keys)

v0.49.2

Compare Source

Fixes

• cb5d3ba: fixed #​418 - client - incorrect kex signature verification for RSA-SHA2
• 97ec468: Remove calls to dbg!() (#​414) (Eric Rodrigues Pires)

v0.49.1

Compare Source

v0.49.0

Compare Source

Changes

This release fixes the regression in v0.48 which made it impossible to choose the hash algorithm when using RSA keys for authentication. Unfortunately, the fix is a breaking API change, hence the version bump.

client::Handle::authenticate_publickey now takes a russh_keys::key::PrivateKeyWithHashAlg which you can construct from an Arc<russh_keys::PrivateKey> + Option<russh_keys::HashAlg>.

The latter lets you choose between SHA1, SHA256 and SHA512 for RSA keys, and must be None for all other key types.

Example:

let key_pair = load_secret_key(key_path, None)?;

let auth_res = session
    .authenticate_publickey(
        user, 
        PrivateKeyWithHashAlg::new(Arc::new(key_pair), Some(HashAlg::Sha512))?
    )
    .await?;

v0.48.1

Compare Source

Breaking changes

russh v0.48 drops its own data parsing and key handling code in favor of the RustCrypto project's ssh-key (#​368) and ssh-encoding (#​371) crates. This means there are some breaking changes, which are listed here:

Important for library users

• russh_keys::key::PublicKey is replaced with russh_keys::PublicKey (ssh_key::PublicKey)

• russh_keys::key::KeyPair is replaced with russh_keys::PrivateKey (ssh_key::PrivateKey)

• russh_keys::key::parse_public_key no longer takes a hash algorithm argument as RSA keys are no longer locked down to a specific algorithm internally. RSA key specific hash algorithms are only used in Preferred::key.

• Key type constants in russh_keys::key and russh_keys::key::Name are removed - use the russh_keys::Algorithm enum instead. Config::preferred::key now also takes russh_keys::Algorithms instead of russh_key::key::Names.

• russh::client::Handle::authenticate_future is renamed to russh::client::Handle::authenticate_publickey_with

Less important

• new russh::Error enum variants:

  • Error:Signature
  • Error:SshKey
  • Error:SshEncoding

• new russh_keys::Error enum variants:

  • Error::Rsa
  • Error::Utf8

• russh::auth::Signer is now an async_trait

• russh_keys::ec is removed

• russh_keys::encoding is removed (use russh_keys::ssh_encoding)

• russh_keys::signature is removed

• russh_keys::protocol is removed

• russh_keys::key::SignatureHash is replaced with russh_keys::HashAlg (ssh_key::HashAlg)

• russh_keys::key::SignatureBytes is removed

• russh_keys::key::RsaPrivate is removed (use russh_keys::ssh_key::private::RsaPrivateKey)

• russh_keys::key::RsaPublic is removed (use russh_keys::ssh_key::public::RsaPublicKey)

• russh_keys::key::RsaCrtExtra is removed

• russh_keys::key::Signature is replaced with russh_keys::signature::Signature (signature::Signature)

Features

• aa9bdb4: added support for <sk-ecdsa-sha2-nistp256-cert-v01@​openssh.com> and <sk-ssh-ed25519-cert-v01@​openssh.com> keys in client
• 68fff93: Add support for StrictHostKeyChecking and UserKnownHostsFile (#​386) (Mattias Eriksson) #​386
• 981cf7b: Derive Debug where possible (#​374) (Quentin Santos) #​374
• c328558: Implement From<&str> and From<&[u8]> for CryptoVec (#​391) (Josh McKinney) #​391

Fixes

• 47ca41d: Send proper algorithm for certificates (#​378) (Jerome Gravel-Niquet) #​378
• 2d8c08a: ratatui examples fixed. (#​388) (André Almeida) #​388
• bd6dc3a: impl Drop for server examples (#​376) (Eric Rodrigues Pires) #​376
• ac441a6: fix:remove unused memcpy function (#​406) (irvingouj @​ Devolutions) #​406
• a5c4adc: #​401 - removing TX busywait (#​408) #​408

Docs

• 2dca3c6: Document how to reply to channel requests (#​381) (Quentin Santos) #​381

v0.48.0

Compare Source

v0.46.0

Compare Source

Changes

• wasm-support: add wasm support (#​351) #​351 (irvingouj @​ Devolutions)
• 97dc08b: Support Pageant as agent (#​326) #​326
• 26aae26: added named pipe support for AgentClient and AgentClient::dynamic()
• 8b88465: added AgentClient::into_inner
• 67a6ba8: Implement streamlocal-forward for remote => local UDS forwarding (#​312) (kanpov) #​312
• b9759d4: client channel handling changes - server_channel_open_direct_tcpip, server_channel_open_agent_forward and server_channel_open_session now receive a Channel instead of a ChannelId. Also added should_accept_unknown_server_channel and server_channel_open_unknown callbacks.
• d6ee97a: new rich NoCommonAlgo error
• cb8d9e9: fixed #​338 - make KeyPair::generate_ed25519 infallible
• 9444608: Add a way to open an agent forwarding channel (#​344) (Thomas Rampelberg) #​344
• ee59e07: Add ed25519 to ALL_KEY_TYPES (#​360) (Toni Peter) #​360
• 3f7271b: fixed #​358 - relax strict kex checks to match OpenSSH
• 72aa097: Update deps (#​363) (Lucas Kent) #​363

Fixes

• process multiple host entries (#​331) #​331 (Yaroslav Bolyukin)
• b704f4c: Remove leftover extraneous debugging in host globbing function (#​328) (Adam Chappell) #​328
• c99f49c: fixed Error::Disconnect getting returned from connect instead of the more specific error type when connection fails during kex phase
• 73fa3e5: Improve echoserver example, bump Rust toolchain to 1.81 (#​339) (Julian) #​339
• fix typo: add a missing word. (#​342) #​342 (Pipelight)
• f587d13: Reject unsupported key types instead of failing (#​352) (Gary Guo) #​352
• 6df962d: Minor accuracy improvements to server documentation (#​346) (Kaleb Elwert) #​346
• add adopters to readme (#​356) #​356 (Thomas Rampelberg)
• cd84f4d: Update sftp examples (#​357) (Roman) #​357

---

Configuration

📅 Schedule: (in timezone America/Los_Angeles)

• Branch creation
  • "after 8pm,before 6am"
• Automerge
  • "after 8pm,before 6am"

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate.