Support for rsa-sha2-256 and rsa-sha2-512 signature algorithms

[cveld]

Terraform CLI and Provider Versions

1.8.1

Use Cases or Problem Statement

To connect through ssh with Azure Repos, a key is required with either rsa-sha2-256 or rsa-sha2-512 signature algorithm.

Proposal

Please add an option in the resource tls_private_key to target one of these signatures.

How much impact is this issue causing?

High

Additional Information

No response

Code of Conduct

• I agree to follow this project's Code of Conduct

[cveld]

It seems this is an irrelevant request. Based on https://superuser.com/questions/1556852/how-to-check-if-your-ssh-keys-are-in-the-ssh-rsa2-format, it seems that the key is already rsa and that it is really the client that selects the desired signature algorithm. Can you confirm?

[msterin]

It seems this is an irrelevant request. Based on https://superuser.com/questions/1556852/how-to-check-if-your-ssh-keys-are-in-the-ssh-rsa2-format, it seems that the key is already rsa and that it is really the client that selects the desired signature algorithm. Can you confirm?

It does not look that way. Here is MSFT statement about RSA algorithm deprecation in Azure Repos
They require keys generated with RSA-SHA2-256 or RSA-SHA2-512 cipher (e.g. -t rsa-sha2-512 in ssh-keygen). The one generated as -t rsa is throttled and will be declined RSN, no matter the client