x/crypto/ssh exception trying to parse RSA public Key

[Florian Rinke]

Hi all,

When Using the golang.org/x/crypto/ssh module to connect to a lshd SSH server this error gets thrown:

panic: ssh: handshake failed: ssh: exponent too large

    goroutine 1 [running]:
    main.main()
        C:/Users/user/Documents/project/sample.go:33 +0x685 EOF

It's defined in /ssh/keys.go#L353 (https://github.com/golang/crypto/blob/5ea612d1eb830b38bc4e914e37f55311eb58adce/ssh/keys.go#L353) the error appears when the exponent of the RSA key is over 24 bits.

`lshd` with the program `lsh-keygen` generates a RSA 2048 certificate with 32 bits exponent.
After converting the to a more common format it gets accepted by OpenSSH and validators.

I was also not able to find a limit on the bitlength of RSA exponents, only that it must be a positive asn.1 Integer > 0.

The error can be mitigated by changing s/24/32/ at line 353 in ssh/keys.go afterwards the program works as intended.
I was not able to observe any side effects from changing this value.

How should i best go forward with this? Should i vendor a local copy or make a upstream bug report/merge request?