From c0b4116c4496acca6597e5ec1354fc01e184db72 Mon Sep 17 00:00:00 2001
From: Steve Traylen
Date: Tue, 2 May 2023 15:24:02 +0200
Subject: [PATCH] Sign with SHA2_256 always Currently signatures are always created with the default ssh-rsa. Always sign with: `ssh-rsa-256`. The string `0x02` requests this as per: https://github.com/openssh/openssh-portable/blob/master/authfd.h#L119 In particular RHEL9 disables `ssh-rsa` along with all SHA1 signing.
---
 lib/ssh/key/signer.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/ssh/key/signer.rb b/lib/ssh/key/signer.rb
index 185c8c6..9b8b1d2 100644
--- a/lib/ssh/key/signer.rb
+++ b/lib/ssh/key/signer.rb
@@ -55,7 +55,7 @@ def sign(string)
 signature.signature = identity.ssh_do_sign(string)
 else
 # Only public signing identities come from our agent.
- signature = SSH::Key::Signature.from_string(@agent.sign(identity, string))
+ signature = SSH::Key::Signature.from_string(@agent.sign(identity, string, 0x02))
 end
 signature.identity = identity
 signatures << signature
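Review bot: The branch just above the changed line, `signature.signature = identity.ssh_do_sign(string)`, is left untouched, so only agent-held keys get the SHA-256 request; which digest a locally loaded RSA key signs with depends on `ssh_do_sign`, which is not visible here, and should be checked against the "always" in the title. The flag is also passed as a bare literal with no key-type condition in the hunk; a named constant mirroring OpenSSH's `SSH_AGENT_RSA_SHA2_256` would document the intent, e.g. `@agent.sign(identity, string, SSH_AGENT_RSA_SHA2_256)`. An agent that does not honour the flag may still return a SHA-1 `ssh-rsa` signature, so it is worth checking the type of the signature parsed by `from_string` instead of assuming the request was applied, and confirming that the verifying side accepts the SHA-256 signature type. The `sign` method starts and ends outside the hunk.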