From d7b82e7ccee811b6a451522734d10bd2b6c6628d Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Thu, 22 Oct 2015 13:08:27 +0200 Subject: [PATCH] openssh: disable dsa key usage. fixes #10934 Signed-off-by: Arne Fitzenreiter --- config/rootfiles/core/94/update.sh | 5 ++++- lfs/openssh | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/config/rootfiles/core/94/update.sh b/config/rootfiles/core/94/update.sh index e6f9cf194f..a9c24a5f83 100644 --- a/config/rootfiles/core/94/update.sh +++ b/config/rootfiles/core/94/update.sh @@ -47,7 +47,10 @@ telinit u # Update SSH configuration sed -i /etc/ssh/sshd_config \ - -e 's/^#PermitRootLogin yes$/PermitRootLogin yes/' + -e 's/^#PermitRootLogin yes$/PermitRootLogin yes/' \ + -e 's|^#\?HostKey /etc/ssh/ssh_host_rsa_key$|HostKey /etc/ssh/ssh_host_rsa_key|' \ + -e 's|^#\?HostKey /etc/ssh/ssh_host_ecdsa_key$|HostKey /etc/ssh/ssh_host_ecdsa_key|' \ + -e 's|^#\?HostKey /etc/ssh/ssh_host_ed25519_key$|HostKey /etc/ssh/ssh_host_ed25519_key|' \ # Move away old and unsupported keys mv -f /etc/ssh/ssh_host_dsa_key{,.old} diff --git a/lfs/openssh b/lfs/openssh index 22d1de5bfd..1178d6ff06 100644 --- a/lfs/openssh +++ b/lfs/openssh @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2013 IPFire Team # +# Copyright (C) 2007-2015 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # 
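Review bot: The last added expression in the update.sh hunk (the ed25519 `-e`) ends with a trailing `\` although no further sed argument follows, so the command only terminates cleanly because the next line is, judging by the hunk counts, blank; drop the continuation there. The new expressions also leave an already-active `HostKey /etc/ssh/ssh_host_dsa_key` line untouched while the key file is moved away just below, so I would add `-e 's|^HostKey /etc/ssh/ssh_host_dsa_key$|#&|'`. All three substitutions, here and in the lfs/openssh hunk, silently do nothing when the expected line is missing or differs by trailing whitespace, and sshd then falls back to its built-in host-key defaults. Running `grep -q '^HostKey /etc/ssh/ssh_host_ed25519_key$' /etc/ssh/sshd_config` after the sed, with a logged warning on failure, would make such a no-op visible.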
@@ -91,6 +91,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 -e 's/^#\?LogLevel INFO .*$$/LogLevel INFO/' \
 -e 's/^#\?AllowTcpForwarding .*$$/AllowTcpForwarding no/' \
 -e 's/^#\?PermitRootLogin .*$$/PermitRootLogin yes/' \
+ -e 's|^#\?HostKey /etc/ssh/ssh_host_rsa_key$$|HostKey /etc/ssh/ssh_host_rsa_key|' \
+ -e 's|^#\?HostKey /etc/ssh/ssh_host_ecdsa_key$$|HostKey /etc/ssh/ssh_host_ecdsa_key|' \
+ -e 's|^#\?HostKey /etc/ssh/ssh_host_ed25519_key$$|HostKey /etc/ssh/ssh_host_ed25519_key|' \
 /etc/ssh/sshd_config
 @rm -rf $(DIR_APP)
 @$(POSTBUILD)
-- 
2.39.2
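Review bot: Nothing near the three added `-e` lines says that enabling explicit `HostKey` entries is, presumably, what keeps sshd from using the DSA key, which per the commit subject is the purpose; a reader sees only three uncomment operations. Since a comment cannot sit between the continuation lines, I would put `# Enable only RSA/ECDSA/Ed25519 host keys; DSA stays disabled` above the sed invocation, which starts outside this hunk. The three expressions also differ only in key type and could be one, `-e 's|^#\?\(HostKey /etc/ssh/ssh_host_\(rsa\|ecdsa\|ed25519\)_key\)$$|\1|' \`, which keeps the allowed key-type list in a single place.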