How does openssh client connect to VMs using cert based keys like [email protected], [email protected] etc when the certificate based algorithms are not enumerated in server-sig-algs. Shouldn't the authentication fail if the negotiation fails or how is OpenSSH handling this scenario?
I tried connecting to an Ubuntu VM using OpenSSH client version 8.6p1 and the server is on 8.9p1. I tried connecting using a certificate [email protected] xxxxxx and the connection is successful although sshd -T on the VM lists only [email protected], [email protected] as the pubkeyacceptedalgorithms. Does OpenSSH client do any algo upgrades before negotiating with the server to achieve this? If so, how does OpenSSH negotiate with the server if the server clearly doesn't list certificate based algorithms in server-sig-algs list?