diff -up openssh-9.3p1/regress/hostkey-agent.sh.xxx openssh-9.3p1/regress/hostkey-agent.sh

--- openssh-9.3p1/regress/hostkey-agent.sh.xxx	2023-05-29 18:15:56.311236887 +0200

+++ openssh-9.3p1/regress/hostkey-agent.sh	2023-05-29 18:16:07.598503551 +0200

@@ -17,8 +17,21 @@ trace "make CA key"

 ${SSHKEYGEN} -qt ed25519 -f $OBJ/agent-ca -N '' || fatal "ssh-keygen CA"

+PUBKEY_ACCEPTED_ALGOS=`$SSH -G "example.com" | \

+    grep -i "PubkeyAcceptedAlgorithms" | cut -d ' ' -f2- | tr "," "|"`

+SSH_ACCEPTED_KEYTYPES=`echo "$SSH_KEYTYPES" | egrep "$PUBKEY_ACCEPTED_ALGOS"`

+echo $PUBKEY_ACCEPTED_ALGOS | grep "rsa"

+r=$?

+if [ $r == 0 ]; then

+echo $SSH_ACCEPTED_KEYTYPES | grep "rsa"

+r=$?

+if [ $r -ne 0 ]; then

+SSH_ACCEPTED_KEYTYPES="$SSH_ACCEPTED_KEYTYPES ssh-rsa"

+fi

+fi

+

 trace "load hostkeys"

-for k in $SSH_KEYTYPES ; do

+for k in $SSH_ACCEPTED_KEYTYPES ; do

 	${SSHKEYGEN} -qt $k -f $OBJ/agent-key.$k -N '' || fatal "ssh-keygen $k"

 	${SSHKEYGEN} -s $OBJ/agent-ca -qh -n localhost-with-alias \

 		-I localhost-with-alias $OBJ/agent-key.$k.pub || \

@@ -32,12 +48,16 @@ rm $OBJ/agent-ca # Don't need CA private

 unset SSH_AUTH_SOCK

-for k in $SSH_KEYTYPES ; do

+for k in $SSH_ACCEPTED_KEYTYPES ; do

 	verbose "key type $k"

+	hka=$k

+	if [ $k = "ssh-rsa" ]; then

+	   hka="rsa-sha2-512"

+	fi

 	cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy

-	echo "HostKeyAlgorithms $k" >> $OBJ/sshd_proxy

+	echo "HostKeyAlgorithms $hka" >> $OBJ/sshd_proxy

 	echo "Hostkey $OBJ/agent-key.${k}" >> $OBJ/sshd_proxy

-	opts="-oHostKeyAlgorithms=$k -F $OBJ/ssh_proxy"

+	opts="-oHostKeyAlgorithms=$hka -F $OBJ/ssh_proxy"

 	( printf 'localhost-with-alias,127.0.0.1,::1 ' ;

 	  cat $OBJ/agent-key.$k.pub) > $OBJ/known_hosts

 	SSH_CONNECTION=`${SSH} $opts host 'echo $SSH_CONNECTION'`

@@ -50,15 +70,16 @@ for k in $SSH_KEYTYPES ; do

 done

 SSH_CERTTYPES=`ssh -Q key-sig | grep 'cert-v01@openssh.com'`

+SSH_ACCEPTED_CERTTYPES=`echo "$SSH_CERTTYPES" | egrep "$PUBKEY_ACCEPTED_ALGOS"`

 # Prepare sshd_proxy for certificates.

 cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy

 HOSTKEYALGS=""

-for k in $SSH_CERTTYPES ; do

+for k in $SSH_ACCEPTED_CERTTYPES ; do

 	test -z "$HOSTKEYALGS" || HOSTKEYALGS="${HOSTKEYALGS},"

 	HOSTKEYALGS="${HOSTKEYALGS}${k}"

 done

-for k in $SSH_KEYTYPES ; do

+for k in $SSH_ACCEPTED_KEYTYPES ; do

 	echo "Hostkey $OBJ/agent-key.${k}.pub" >> $OBJ/sshd_proxy

 	echo "HostCertificate $OBJ/agent-key.${k}-cert.pub" >> $OBJ/sshd_proxy

 	test -f $OBJ/agent-key.${k}.pub || fatal "no $k key"

@@ -70,7 +93,7 @@ echo "HostKeyAlgorithms $HOSTKEYALGS" >>

 ( printf '@cert-authority localhost-with-alias ' ;

   cat $OBJ/agent-ca.pub) > $OBJ/known_hosts

-for k in $SSH_CERTTYPES ; do

+for k in $SSH_ACCEPTED_CERTTYPES ; do

 	verbose "cert type $k"

 	opts="-oHostKeyAlgorithms=$k -F $OBJ/ssh_proxy"

 	SSH_CONNECTION=`${SSH} $opts host 'echo $SSH_CONNECTION'`

diff -up openssh-9.3p1/sshconnect2.c.xxx openssh-9.3p1/sshconnect2.c

--- openssh-9.3p1/sshconnect2.c.xxx	2023-04-26 17:37:35.100827792 +0200

+++ openssh-9.3p1/sshconnect2.c	2023-04-26 17:50:31.860748877 +0200

@@ -221,7 +221,7 @@ ssh_kex2(struct ssh *ssh, char *host, st

     const struct ssh_conn_info *cinfo)

 {

 	char *myproposal[PROPOSAL_MAX];

-	char *s, *all_key, *hkalgs = NULL;

+	char *s, *all_key, *hkalgs = NULL, *filtered_algs = NULL;

 	int r, use_known_hosts_order = 0;

 #if defined(GSSAPI) && defined(WITH_OPENSSL)

@@ -260,9 +260,21 @@ ssh_kex2(struct ssh *ssh, char *host, st

 	if (use_known_hosts_order)

 		hkalgs = order_hostkeyalgs(host, hostaddr, port, cinfo);

+	filtered_algs = hkalgs ? match_filter_allowlist(hkalgs, options.pubkey_accepted_algos)

+		               : match_filter_allowlist(options.hostkeyalgorithms,

+				 options.pubkey_accepted_algos);

+	if (filtered_algs == NULL) {

+		if (hkalgs)

+			fatal_f("No match between algorithms for %s (host %s) and pubkey accepted algorithms %s",

+			       hkalgs, host, options.pubkey_accepted_algos);

+		else

+			fatal_f("No match between host key algorithms %s and pubkey accepted algorithms %s",

+			        options.hostkeyalgorithms, options.pubkey_accepted_algos);

+	}

+

 	kex_proposal_populate_entries(ssh, myproposal, s, options.ciphers,

 	    options.macs, compression_alg_list(options.compression),

-	    hkalgs ? hkalgs : options.hostkeyalgorithms);

+	    filtered_algs);

 #if defined(GSSAPI) && defined(WITH_OPENSSL)

 	if (options.gss_keyex) {

@@ -303,6 +315,7 @@ ssh_kex2(struct ssh *ssh, char *host, st

 #endif

 	free(hkalgs);

+	free(filtered_algs);

 	/* start key exchange */

 	if ((r = kex_setup(ssh, myproposal)) != 0)