In current implementation the signature factories effects all algorithms that can be used during a connection. There is no way of limiting only sever host key algorithm to be able to request a specific server key. This is required in order to connect to pre-approved server using weaker key.
It should be possible as in rfc4253 "Algorithm Negotiation" we have two fields one for available algorithms, and another for requesting a specific set of server keys which is subset of the available algorithms.
In rfc4252 we have "Public Key Authentication Method:
"publickey"" "Public key algorithms are defined in the transport layer specification". So client public key types are subset of kex_algorithms.
As far as I understand if we set kex algorithms of rsa and nistp256
and force host key algorithms of rsa, we should be able to force
server to use weaker algorithm while client can use any of rsa and
To prove that I hacked the AbstractSession with:
If I force ssh-rsa I receive ssh-rsa sever key as expected.
If I force ecdsa-sha2-nistp256 I receive ecdsa-sha2-nistp256 server
key as expected while can authenticate using client ssh-rsa key, this
means that server and client are indeed detached.
Adding an option to specify a list of server host key type like "ssh-rsa" or "ecdsa-sha2-nistp256" will be nice as once having a pre-approved server keys, we can enforce them easily without transformation/guessing signature algorithm.