feat(ssh): add support for deprecated SSH config aliases

- Add HostbasedAcceptedAlgorithms field to domain model
- Support deprecated aliases: HostbasedKeyTypes, HostbasedAcceptedKeyTypes
- Add clear comments documenting which options are deprecated since OpenSSH 8.5
- Update mapper, CRUD operations, and SSH command builder accordingly

This ensures backward compatibility with older SSH configurations while
supporting the newer, more accurate naming conventions introduced in OpenSSH 8.5.

Author: tan9

internal/adapters/data/ssh_config_file/crud.go

@@ -134,6 +134,7 @@ func (r *Repository) createHostFromServer(server domain.Server) *ssh_config.Host
 	// Authentication and key management
 	r.addKVNodeIfNotEmpty(host, "PubkeyAuthentication", server.PubkeyAuthentication)
 	r.addKVNodeIfNotEmpty(host, "PubkeyAcceptedAlgorithms", server.PubkeyAcceptedAlgorithms)
+	r.addKVNodeIfNotEmpty(host, "HostbasedAcceptedAlgorithms", server.HostbasedAcceptedAlgorithms)
 	r.addKVNodeIfNotEmpty(host, "PasswordAuthentication", server.PasswordAuthentication)
 	r.addKVNodeIfNotEmpty(host, "PreferredAuthentications", server.PreferredAuthentications)
 	r.addKVNodeIfNotEmpty(host, "IdentitiesOnly", server.IdentitiesOnly)
@@ -197,45 +198,48 @@ func (r *Repository) addKVNodeIfNotEmpty(host *ssh_config.Host, key, value strin
 // updateHostNodes updates the nodes of an existing host with new server details.
 func (r *Repository) updateHostNodes(host *ssh_config.Host, newServer domain.Server) {
 	updates := map[string]string{
-		"hostname":                 newServer.Host,
-		"user":                     newServer.User,
-		"port":                     fmt.Sprintf("%d", newServer.Port),
-		"proxycommand":             newServer.ProxyCommand,
-		"proxyjump":                newServer.ProxyJump,
-		"remotecommand":            newServer.RemoteCommand,
-		"requesttty":               newServer.RequestTTY,
-		"connecttimeout":           newServer.ConnectTimeout,
-		"connectionattempts":       newServer.ConnectionAttempts,
-		"bindaddress":              newServer.BindAddress,
-		"bindinterface":            newServer.BindInterface,
-		"pubkeyauthentication":     newServer.PubkeyAuthentication,
-		"passwordauthentication":   newServer.PasswordAuthentication,
-		"preferredauthentications": newServer.PreferredAuthentications,
-		"pubkeyacceptedalgorithms": newServer.PubkeyAcceptedAlgorithms,
-		"pubkeyacceptedkeytypes":   newServer.PubkeyAcceptedAlgorithms, // Deprecated alias
-		"identitiesonly":           newServer.IdentitiesOnly,
-		"addkeystoagent":           newServer.AddKeysToAgent,
-		"identityagent":            newServer.IdentityAgent,
-		"forwardagent":             newServer.ForwardAgent,
-		"forwardx11":               newServer.ForwardX11,
-		"forwardx11trusted":        newServer.ForwardX11Trusted,
-		"controlmaster":            newServer.ControlMaster,
-		"controlpath":              newServer.ControlPath,
-		"controlpersist":           newServer.ControlPersist,
-		"serveraliveinterval":      newServer.ServerAliveInterval,
-		"serveralivecountmax":      newServer.ServerAliveCountMax,
-		"compression":              newServer.Compression,
-		"tcpkeepalive":             newServer.TCPKeepAlive,
-		"stricthostkeychecking":    newServer.StrictHostKeyChecking,
-		"userknownhostsfile":       newServer.UserKnownHostsFile,
-		"hostkeyalgorithms":        newServer.HostKeyAlgorithms,
-		"macs":                     newServer.MACs,
-		"ciphers":                  newServer.Ciphers,
-		"kexalgorithms":            newServer.KexAlgorithms,
-		"localcommand":             newServer.LocalCommand,
-		"permitlocalcommand":       newServer.PermitLocalCommand,
-		"loglevel":                 newServer.LogLevel,
-		"batchmode":                newServer.BatchMode,
+		"hostname":                    newServer.Host,
+		"user":                        newServer.User,
+		"port":                        fmt.Sprintf("%d", newServer.Port),
+		"proxycommand":                newServer.ProxyCommand,
+		"proxyjump":                   newServer.ProxyJump,
+		"remotecommand":               newServer.RemoteCommand,
+		"requesttty":                  newServer.RequestTTY,
+		"connecttimeout":              newServer.ConnectTimeout,
+		"connectionattempts":          newServer.ConnectionAttempts,
+		"bindaddress":                 newServer.BindAddress,
+		"bindinterface":               newServer.BindInterface,
+		"pubkeyauthentication":        newServer.PubkeyAuthentication,
+		"passwordauthentication":      newServer.PasswordAuthentication,
+		"preferredauthentications":    newServer.PreferredAuthentications,
+		"pubkeyacceptedalgorithms":    newServer.PubkeyAcceptedAlgorithms,
+		"pubkeyacceptedkeytypes":      newServer.PubkeyAcceptedAlgorithms, // Deprecated alias (since OpenSSH 8.5)
+		"hostbasedacceptedalgorithms": newServer.HostbasedAcceptedAlgorithms,
+		"hostbasedkeytypes":           newServer.HostbasedAcceptedAlgorithms, // Deprecated alias (since OpenSSH 8.5)
+		"hostbasedacceptedkeytypes":   newServer.HostbasedAcceptedAlgorithms, // Deprecated alias (since OpenSSH 8.5)
+		"identitiesonly":              newServer.IdentitiesOnly,
+		"addkeystoagent":              newServer.AddKeysToAgent,
+		"identityagent":               newServer.IdentityAgent,
+		"forwardagent":                newServer.ForwardAgent,
+		"forwardx11":                  newServer.ForwardX11,
+		"forwardx11trusted":           newServer.ForwardX11Trusted,
+		"controlmaster":               newServer.ControlMaster,
+		"controlpath":                 newServer.ControlPath,
+		"controlpersist":              newServer.ControlPersist,
+		"serveraliveinterval":         newServer.ServerAliveInterval,
+		"serveralivecountmax":         newServer.ServerAliveCountMax,
+		"compression":                 newServer.Compression,
+		"tcpkeepalive":                newServer.TCPKeepAlive,
+		"stricthostkeychecking":       newServer.StrictHostKeyChecking,
+		"userknownhostsfile":          newServer.UserKnownHostsFile,
+		"hostkeyalgorithms":           newServer.HostKeyAlgorithms,
+		"macs":                        newServer.MACs,
+		"ciphers":                     newServer.Ciphers,
+		"kexalgorithms":               newServer.KexAlgorithms,
+		"localcommand":                newServer.LocalCommand,
+		"permitlocalcommand":          newServer.PermitLocalCommand,
+		"loglevel":                    newServer.LogLevel,
+		"batchmode":                   newServer.BatchMode,
 	}
 	for key, value := range updates {
 		if value != "" {
@@ -315,51 +319,54 @@ func (r *Repository) updateOrAddKVNode(host *ssh_config.Host, key, newValue stri
 // Reference: https://www.ssh.com/academy/ssh/config
 func (r *Repository) getProperKeyCase(key string) string {
 	keyMap := map[string]string{
-		"hostname":                 "HostName",
-		"user":                     "User",
-		"port":                     "Port",
-		"identityfile":             "IdentityFile",
-		"proxycommand":             "ProxyCommand",
-		"proxyjump":                "ProxyJump",
-		"remotecommand":            "RemoteCommand",
-		"requesttty":               "RequestTTY",
-		"connecttimeout":           "ConnectTimeout",
-		"connectionattempts":       "ConnectionAttempts",
-		"bindaddress":              "BindAddress",
-		"bindinterface":            "BindInterface",
-		"localforward":             "LocalForward",
-		"remoteforward":            "RemoteForward",
-		"dynamicforward":           "DynamicForward",
-		"pubkeyauthentication":     "PubkeyAuthentication",
-		"passwordauthentication":   "PasswordAuthentication",
-		"preferredauthentications": "PreferredAuthentications",
-		"pubkeyacceptedalgorithms": "PubkeyAcceptedAlgorithms",
-		"pubkeyacceptedkeytypes":   "PubkeyAcceptedAlgorithms", // Deprecated alias
-		"identitiesonly":           "IdentitiesOnly",
-		"addkeystoagent":           "AddKeysToAgent",
-		"identityagent":            "IdentityAgent",
-		"forwardagent":             "ForwardAgent",
-		"forwardx11":               "ForwardX11",
-		"forwardx11trusted":        "ForwardX11Trusted",
-		"controlmaster":            "ControlMaster",
-		"controlpath":              "ControlPath",
-		"controlpersist":           "ControlPersist",
-		"serveraliveinterval":      "ServerAliveInterval",
-		"serveralivecountmax":      "ServerAliveCountMax",
-		"compression":              "Compression",
-		"tcpkeepalive":             "TCPKeepAlive",
-		"stricthostkeychecking":    "StrictHostKeyChecking",
-		"userknownhostsfile":       "UserKnownHostsFile",
-		"hostkeyalgorithms":        "HostKeyAlgorithms",
-		"macs":                     "MACs",
-		"ciphers":                  "Ciphers",
-		"kexalgorithms":            "KexAlgorithms",
-		"localcommand":             "LocalCommand",
-		"permitlocalcommand":       "PermitLocalCommand",
-		"sendenv":                  "SendEnv",
-		"setenv":                   "SetEnv",
-		"loglevel":                 "LogLevel",
-		"batchmode":                "BatchMode",
+		"hostname":                    "HostName",
+		"user":                        "User",
+		"port":                        "Port",
+		"identityfile":                "IdentityFile",
+		"proxycommand":                "ProxyCommand",
+		"proxyjump":                   "ProxyJump",
+		"remotecommand":               "RemoteCommand",
+		"requesttty":                  "RequestTTY",
+		"connecttimeout":              "ConnectTimeout",
+		"connectionattempts":          "ConnectionAttempts",
+		"bindaddress":                 "BindAddress",
+		"bindinterface":               "BindInterface",
+		"localforward":                "LocalForward",
+		"remoteforward":               "RemoteForward",
+		"dynamicforward":              "DynamicForward",
+		"pubkeyauthentication":        "PubkeyAuthentication",
+		"passwordauthentication":      "PasswordAuthentication",
+		"preferredauthentications":    "PreferredAuthentications",
+		"pubkeyacceptedalgorithms":    "PubkeyAcceptedAlgorithms",
+		"pubkeyacceptedkeytypes":      "PubkeyAcceptedAlgorithms", // Deprecated alias (since OpenSSH 8.5)
+		"hostbasedacceptedalgorithms": "HostbasedAcceptedAlgorithms",
+		"hostbasedkeytypes":           "HostbasedAcceptedAlgorithms", // Deprecated alias (since OpenSSH 8.5)
+		"hostbasedacceptedkeytypes":   "HostbasedAcceptedAlgorithms", // Deprecated alias (since OpenSSH 8.5)
+		"identitiesonly":              "IdentitiesOnly",
+		"addkeystoagent":              "AddKeysToAgent",
+		"identityagent":               "IdentityAgent",
+		"forwardagent":                "ForwardAgent",
+		"forwardx11":                  "ForwardX11",
+		"forwardx11trusted":           "ForwardX11Trusted",
+		"controlmaster":               "ControlMaster",
+		"controlpath":                 "ControlPath",
+		"controlpersist":              "ControlPersist",
+		"serveraliveinterval":         "ServerAliveInterval",
+		"serveralivecountmax":         "ServerAliveCountMax",
+		"compression":                 "Compression",
+		"tcpkeepalive":                "TCPKeepAlive",
+		"stricthostkeychecking":       "StrictHostKeyChecking",
+		"userknownhostsfile":          "UserKnownHostsFile",
+		"hostkeyalgorithms":           "HostKeyAlgorithms",
+		"macs":                        "MACs",
+		"ciphers":                     "Ciphers",
+		"kexalgorithms":               "KexAlgorithms",
+		"localcommand":                "LocalCommand",
+		"permitlocalcommand":          "PermitLocalCommand",
+		"sendenv":                     "SendEnv",
+		"setenv":                      "SetEnv",
+		"loglevel":                    "LogLevel",
+		"batchmode":                   "BatchMode",
 	}
 
 	if properCase, exists := keyMap[strings.ToLower(key)]; exists {

internal/adapters/data/ssh_config_file/mapper.go

@@ -173,7 +173,11 @@ func (r *Repository) mapAuthenticationConfig(server *domain.Server, key, value s
 	case "pubkeyauthentication":
 		server.PubkeyAuthentication = value
 	case "pubkeyacceptedalgorithms", "pubkeyacceptedkeytypes":
+		// PubkeyAcceptedKeyTypes is deprecated alias for PubkeyAcceptedAlgorithms (since OpenSSH 8.5)
 		server.PubkeyAcceptedAlgorithms = value
+	case "hostbasedacceptedalgorithms", "hostbasedkeytypes", "hostbasedacceptedkeytypes":
+		// HostbasedKeyTypes and HostbasedAcceptedKeyTypes are deprecated aliases (since OpenSSH 8.5)
+		server.HostbasedAcceptedAlgorithms = value
 	case "passwordauthentication":
 		server.PasswordAuthentication = value
 	case "preferredauthentications":

internal/adapters/ui/utils.go

@@ -229,6 +229,9 @@ func addAuthOptions(parts *[]string, s domain.Server) {
 	if s.PubkeyAcceptedAlgorithms != "" {
 		*parts = append(*parts, "-o", fmt.Sprintf("PubkeyAcceptedAlgorithms=%s", s.PubkeyAcceptedAlgorithms))
 	}
+	if s.HostbasedAcceptedAlgorithms != "" {
+		*parts = append(*parts, "-o", fmt.Sprintf("HostbasedAcceptedAlgorithms=%s", s.HostbasedAcceptedAlgorithms))
+	}
 	if s.PasswordAuthentication != "" {
 		*parts = append(*parts, "-o", fmt.Sprintf("PasswordAuthentication=%s", s.PasswordAuthentication))
 	}

internal/core/domain/server.go

@@ -45,13 +45,14 @@ type Server struct {
 	DynamicForward []string
 
 	// Authentication and key management
-	PubkeyAuthentication     string
-	PubkeyAcceptedAlgorithms string
-	PasswordAuthentication   string
-	PreferredAuthentications string
-	IdentitiesOnly           string
-	AddKeysToAgent           string
-	IdentityAgent            string
+	PubkeyAuthentication        string
+	PubkeyAcceptedAlgorithms    string
+	HostbasedAcceptedAlgorithms string
+	PasswordAuthentication      string
+	PreferredAuthentications    string
+	IdentitiesOnly              string
+	AddKeysToAgent              string
+	IdentityAgent               string
 
 	// Agent and X11 forwarding
 	ForwardAgent      string