gitlab-sshd: Update crypto module to fix RSA keys with old gpg-agent
When we put gitlab-sshd in production, we noticed a number of clients using RSA keys would fail to login. The server would report:
ssh: signature "ssh-rsa" not compatible with selected algorithm "rsa-sha2-512"
This is reproducible on Ubuntu 18.04, which ships gpg-agent v2.2.4 and
OpenSSH v7.6. That version of gpg-agent does not support
rsa-sha2-256
or rsa-sha2-512
, but OpenSSH does. As a result,
OpenSSH specifies rsa-sha-512
as the public key algorithm to use in
the user authentication request message, but gpg-agent includes an
ssh-rsa
signature. OpenSSH servers tolerates this discrepancy, but
the Go implementation fails because it expects a strict match.
This commit pulls in golang-crypto!9 (merged) to fix the problem.
Relates to:
Edited by Stan Hu