
server gave bad signature for RSA key 0: incorrect signature on connect #4

@un-def

The following warning is printed after successful authentication:

client_global_hostkeys_prove_confirm: server gave bad signature for RSA key 0: incorrect signature

DEBUG3 log with relevant messages:

debug3: receive packet: type 80
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug3: client_input_hostkeys: received RSA key SHA256:pBfV4Mkhk33j52vy5/K0n4S6rAeZl+3KWpI7RlKjR8Y
debug3: client_input_hostkeys: received ECDSA key SHA256:ZC/9S8peKtRgAfiHNSrRvH34ZsB+f1XoRh2NlBTjmGg
debug3: client_input_hostkeys: received ED25519 key SHA256:HwSlQTKh/PnjJMKSNqBv4JlPcKRtWTGLOeBlYlkw8fE
debug3: client_input_hostkeys: asking server to prove ownership for 3 keys
debug3: send packet: type 80
debug3: receive packet: type 91
debug3: receive packet: type 81
debug3: client_global_hostkeys_prove_confirm: verify RSA key 0 using sigalg rsa-sha2-512
client_global_hostkeys_prove_confirm: server gave bad signature for RSA key 0: incorrect signature

The hostkeys-00@openssh.com request in the log is part of the host key update mechanism:

On success, the server returns the following message:

   byte             SSH_MSG_REQUEST_SUCCESS
   string[]         signatures

Each signature is made by signing the following structure with the corresponding key[...]

   string           "hostkeys-prove-0"
   string           session identifier
   string           hostkey

As the client-sshproxy and sshproxy-upstream connections have different session identifiers, the signature check always fails.
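The mismatch described in this issue, as an added example that is not part of the original report or the project's code: the server signs a structure bound to the sshproxy-upstream session identifier, while the client rebuilds it with the client-sshproxy one. HMAC-SHA256 stands in for the host key signature so the example needs only the standard library; the key material, the transcripts and all function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Label as written in OpenSSH's PROTOCOL file for the host key proof.
PROVE_LABEL = b"hostkeys-prove-00@openssh.com"

def ssh_string(data: bytes) -> bytes:
    """SSH wire 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def proof_blob(session_id: bytes, hostkey: bytes) -> bytes:
    """Structure that is signed: label, session identifier, hostkey."""
    return ssh_string(PROVE_LABEL) + ssh_string(session_id) + ssh_string(hostkey)

def session_id(kex_transcript: bytes) -> bytes:
    # Stand-in: the real identifier is the exchange hash of the first
    # key exchange, so it is unique to each transport connection.
    return hashlib.sha256(kex_transcript).digest()

def sign(secret: bytes, blob: bytes) -> bytes:
    # Stand-in for the host key signature (assumption: HMAC, not RSA).
    return hmac.new(secret, blob, hashlib.sha256).digest()

def client_accepts(client_sid: bytes, server_sid: bytes,
                   hostkey: bytes, secret: bytes) -> bool:
    """Server signs with its session id; client verifies with its own."""
    signature = sign(secret, proof_blob(server_sid, hostkey))
    expected = sign(secret, proof_blob(client_sid, hostkey))
    return hmac.compare_digest(signature, expected)

# Constructed sample values, not taken from the issue.
HOSTKEY = b"constructed-rsa-public-key-blob"
SECRET = b"constructed-signing-secret"
CLIENT_PROXY_SID = session_id(b"kex: client <-> sshproxy")
PROXY_UPSTREAM_SID = session_id(b"kex: sshproxy <-> upstream")

def demo() -> tuple:
    # Direct connection: both ends share one session identifier.
    direct = client_accepts(PROXY_UPSTREAM_SID, PROXY_UPSTREAM_SID, HOSTKEY, SECRET)
    # Proxied: the proof is relayed unchanged across two sessions.
    proxied = client_accepts(CLIENT_PROXY_SID, PROXY_UPSTREAM_SID, HOSTKEY, SECRET)
    return direct, proxied

if __name__ == "__main__":
    print("direct accepted: %s, proxied accepted: %s" % demo())
```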

Labels: bug
