From 04da8aa70acfa411ee124669a11e5b8a1eaf2921 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Thu, 20 Aug 2015 23:20:44 +0100 Subject: [PATCH] Do not create any DSA keys any more DSA is considered weak cryptography Signed-off-by: Michael Tremer --- config/rootfiles/core/94/filelists/files | 1 + config/rootfiles/core/94/update.sh | 3 +++ src/initscripts/init.d/sshd | 2 +- 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/config/rootfiles/core/94/filelists/files b/config/rootfiles/core/94/filelists/files index 168c7d188b..2dce10a105 100644 --- a/config/rootfiles/core/94/filelists/files +++ b/config/rootfiles/core/94/filelists/files @@ -1,3 +1,4 @@ etc/system-release etc/issue +etc/rc.d/init.d/sshd var/ipfire/langs diff --git a/config/rootfiles/core/94/update.sh b/config/rootfiles/core/94/update.sh index d92ef916ba..0d77743e87 100644 --- a/config/rootfiles/core/94/update.sh +++ b/config/rootfiles/core/94/update.sh @@ -45,6 +45,9 @@ extract_files sed -i /etc/ssh/sshd_config \ -e 's/^#\?PermitRootLogin .*$$/PermitRootLogin yes/' +# Move away old and unsupported keys +mv -f /etc/ssh/ssh_host_dsa_key{,.old} + # Start services /etc/init.d/dnsmasq start /etc/init.d/sshd start diff --git a/src/initscripts/init.d/sshd b/src/initscripts/init.d/sshd index 0ed8661653..7533184f06 100644 --- a/src/initscripts/init.d/sshd +++ b/src/initscripts/init.d/sshd @@ -18,7 +18,7 @@ case "$1" in evaluate_retval fi - for algo in rsa dsa ecdsa ed25519; do + for algo in rsa ecdsa ed25519; do keyfile="/etc/ssh/ssh_host_${algo}_key" # If the key already exists, there is nothing to do. -- 2.39.5
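Review bot: The added `mv -f /etc/ssh/ssh_host_dsa_key{,.old}` in update.sh renames only the private key, so `ssh_host_dsa_key.pub` stays behind as a stale file and the DSA private key material remains on disk under the `.old` name. Handling both halves and skipping absent files would avoid an mv error on systems that never had a DSA key, e.g. `for f in /etc/ssh/ssh_host_dsa_key /etc/ssh/ssh_host_dsa_key.pub; do [ -e "$f" ] && mv -f "$f" "$f.old"; done`. The `{,.old}` brace expansion also depends on the script running under bash, which the hunk does not show. Whether sshd_config carries an explicit `HostKey` line for the DSA key is not visible here and is worth checking, since sshd would then report a failure to load that key on the `sshd start` that follows.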
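Review bot: The new loop header `for algo in rsa ecdsa ed25519; do` in src/initscripts/init.d/sshd carries no comment saying why dsa is absent, so a later edit could re-add it without noticing. A line above the loop such as `# DSA host keys are intentionally not generated (weak algorithm); do not re-add "dsa".` would record the intent next to the code. The loop body continues outside the hunk, so any per-algorithm handling further down is not visible here.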