From 8b7451bf3eed473aec89ece29e6b3769c7e60680 Mon Sep 17 00:00:00 2001
From: John Judd
Date: Tue, 10 Sep 2024 15:53:16 -0500
Subject: [PATCH] Added additionally-supported HostKeyAlgorithms for SFTP backend. Resolves #198. (#199)
---
 CHANGELOG.md | 4 ++++
 backend/sftp/options.go | 9 +++++++--
 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index cddad66f..a5193907 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
+## [6.17.0] - 2024-09-10
+### Added
+- Added additionally-supported HostKeyAlgorithms for SFTP backend. Resolves #198.
+
 ## [6.16.0] - 2024-08-24
 ### Security
 - Fixes #196 - Update to latest go and dependencies
diff --git a/backend/sftp/options.go b/backend/sftp/options.go
index 20dc83d8..7d9c9757 100644
--- a/backend/sftp/options.go
+++ b/backend/sftp/options.go
@@ -36,6 +36,13 @@ type Options struct {
 
 var defaultSSHConfig = &ssh.ClientConfig{
 HostKeyAlgorithms: []string{
+"rsa-sha2-256-cert-v01@openssh.com",
+"rsa-sha2-512-cert-v01@openssh.com",
+"ssh-rsa-cert-v01@openssh.com",
+"ecdsa-sha2-nistp256-cert-v01@openssh.com",
+"ecdsa-sha2-nistp384-cert-v01@openssh.com",
+"ecdsa-sha2-nistp521-cert-v01@openssh.com",
+"ssh-ed25519-cert-v01@openssh.com",
 "ssh-ed25519",
 "ecdsa-sha2-nistp256",
 "ecdsa-sha2-nistp384",
@@ -66,8 +73,6 @@ var defaultSSHConfig = &ssh.ClientConfig{
 "aes256-ctr",
 "aes192-ctr",
 "aes128-ctr",
-"aes256-cbc",
-"aes192-cbc",
 "aes128-cbc",
 "3des-cbc",
 },
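Review bot: In the `HostKeyAlgorithms` hunk of backend/sftp/options.go, `"ssh-rsa-cert-v01@openssh.com"` adds a SHA-1-signed RSA certificate algorithm to the defaults, ahead of the ECDSA and Ed25519 certificate types and all plain-key algorithms. Unless a known server needs it, drop that entry or move it to the end of the list so the SHA-2 and non-RSA types are always preferred. Listing the `-cert-v01` types first also means a server holding both a host certificate and a plain key will present the certificate, so the HostKeyCallback (not visible in this hunk) must be able to validate host certificates against a trusted CA; a callback pinned to plain keys would presumably start rejecting such hosts. A short comment above the list, e.g. `// certificate algorithms first; requires a CA-aware HostKeyCallback`, would record that. The `defaultSSHConfig` literal continues outside the hunk.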
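Review bot: In the cipher-list hunk of backend/sftp/options.go, the defaults still end with `"aes128-cbc"` and `"3des-cbc"` once `aes256-cbc` and `aes192-cbc` are removed, and neither the hunk nor the commit message says why only two of the four CBC entries go. CBC-mode SSH ciphers are legacy (3des-cbc also has a 64-bit block), and golang.org/x/crypto/ssh keeps them out of its own default set, so offering them by default lets a session fall back to them whenever a server supports none of the entries listed earlier. Either drop both from `defaultSSHConfig` and let callers who need them opt in through their own config, or add a comment such as `// legacy CBC ciphers kept only for old servers; remove when no longer needed`. The list starts above the hunk, so any stronger entries ahead of the CTR ones are not visible here.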