[sshd] Distinguish key type and signature algorithm for host key

Since the introduction of the rsa-sha2-512 and rsa-sha2-256 signature
types, the key type for RSA is no longer automatically the signature
algorithm. We re-order the list for the host key proposal such that
keys we already have are preferred; this minimizes warnings about new
host keys. When doing so, put all of rsa-sha2-512, rsa-sha2-256, and
ssh-rsa at the front, in that order, not just ssh-rsa.

This ensures that we do prefer RSA keys if we already have an RSA host
key, but at the same time we still prefer the stronger signature
algorithms over the weaker and deprecated SHA1-based ssh-rsa signature.
It also helps avoid a bug found in some Github versions where the Github
SSH server uses a rsa-sha2-512 signature even though ssh-rsa was
negotiated.[1]

[1] https://www.eclipse.org/forums/index.php/t/1108282/

Bug: 574635
Change-Id: I0a49dcfa0c2c93f23118c983cd0bc9e5a467d886
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>

org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitClientSession.java

@@ -47,6 +47,7 @@
 import org.apache.sshd.common.kex.KeyExchangeFactory;
 import org.apache.sshd.common.kex.extension.KexExtensionHandler;
 import org.apache.sshd.common.kex.extension.KexExtensions;
+import org.apache.sshd.common.keyprovider.KeyPairProvider;
 import org.apache.sshd.common.signature.BuiltinSignatures;
 import org.apache.sshd.common.kex.extension.KexExtensionHandler.AvailabilityPhase;
 import org.apache.sshd.common.util.Readable;
@@ -291,6 +292,11 @@ protected String resolveAvailableSignaturesProposal(
 				if (key != null) {
 					String keyType = KeyUtils.getKeyType(key);
 					if (keyType != null) {
+						if (KeyPairProvider.SSH_RSA.equals(keyType)) {
+							// Add all available signatures for ssh-rsa.
+							reordered.add(KeyUtils.RSA_SHA512_KEY_TYPE_ALIAS);
+							reordered.add(KeyUtils.RSA_SHA256_KEY_TYPE_ALIAS);
+						}
 						reordered.add(keyType);
 					}
 				}