upstream: stop loading DSA keys by default, remove sshd_config

stanza and manpage bits; from Colin Watson via bz#2662, ok dtucker@

OpenBSD-Commit-ID: d33a849f481684ff655c140f5eb1b4acda8c5c09

4 files changed, 6 insertions, 13 deletions

diff --git a/servconf.c b/servconf.c
index f0ab429a1..bf8ad671d 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.323 2018/02/09 02:37:36 dtucker Exp $ */
+/* $OpenBSD: servconf.c,v 1.324 2018/02/16 02:32:40 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -247,8 +247,6 @@ fill_default_server_options(ServerOptions *options)
                 /* fill default hostkeys for protocols */
                 servconf_add_hostkey("[default]", 0, options,
                     _PATH_HOST_RSA_KEY_FILE);
-                servconf_add_hostkey("[default]", 0, options,
-                    _PATH_HOST_DSA_KEY_FILE);
 #ifdef OPENSSL_HAS_ECC
                 servconf_add_hostkey("[default]", 0, options,
                     _PATH_HOST_ECDSA_KEY_FILE);
diff --git a/sshd.8 b/sshd.8
index 80e016fb8..0865373f5 100644
--- a/sshd.8
+++ b/sshd.8
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.294 2018/02/05 04:02:53 djm Exp $
-.Dd $Mdocdate: February 5 2018 $
+.\" $OpenBSD: sshd.8,v 1.295 2018/02/16 02:32:40 djm Exp $
+.Dd $Mdocdate: February 16 2018 $
 .Dt SSHD 8
 .Os
 .Sh NAME
@@ -166,7 +166,6 @@ This option must be given if
 is not run as root (as the normal
 host key files are normally not readable by anyone but root).
 The default is
-.Pa /etc/ssh/ssh_host_dsa_key ,
 .Pa /etc/ssh/ssh_host_ecdsa_key ,
 .Pa /etc/ssh/ssh_host_ed25519_key
 and
@@ -874,7 +873,6 @@ This file is used in exactly the same way as
 but allows host-based authentication without permitting login with
 rlogin/rsh.
 .Pp
-.It Pa /etc/ssh/ssh_host_dsa_key
 .It Pa /etc/ssh/ssh_host_ecdsa_key
 .It Pa /etc/ssh/ssh_host_ed25519_key
 .It Pa /etc/ssh/ssh_host_rsa_key
@@ -885,7 +883,6 @@ Note that
 .Nm
 does not start if these files are group/world-accessible.
 .Pp
-.It Pa /etc/ssh/ssh_host_dsa_key.pub
 .It Pa /etc/ssh/ssh_host_ecdsa_key.pub
 .It Pa /etc/ssh/ssh_host_ed25519_key.pub
 .It Pa /etc/ssh/ssh_host_rsa_key.pub
diff --git a/sshd_config b/sshd_config
index 4eb2e02e0..3109d5d73 100644
--- a/sshd_config
+++ b/sshd_config
@@ -1,4 +1,4 @@
-#       $OpenBSD: sshd_config,v 1.101 2017/03/14 07:19:07 djm Exp $
+#       $OpenBSD: sshd_config,v 1.102 2018/02/16 02:32:40 djm Exp $
 
 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.
@@ -16,7 +16,6 @@
 #ListenAddress ::
 
 #HostKey /etc/ssh/ssh_host_rsa_key
-#HostKey /etc/ssh/ssh_host_dsa_key
 #HostKey /etc/ssh/ssh_host_ecdsa_key
 #HostKey /etc/ssh/ssh_host_ed25519_key
 
diff --git a/sshd_config.5 b/sshd_config.5
index dff24fd12..fd7ab1a24 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.261 2018/02/10 06:54:38 djm Exp $
-.Dd $Mdocdate: February 10 2018 $
+.\" $OpenBSD: sshd_config.5,v 1.262 2018/02/16 02:32:40 djm Exp $
+.Dd $Mdocdate: February 16 2018 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -714,7 +714,6 @@ is not to load any certificates.
 Specifies a file containing a private host key
 used by SSH.
 The defaults are
-.Pa /etc/ssh/ssh_host_dsa_key ,
 .Pa /etc/ssh/ssh_host_ecdsa_key ,
 .Pa /etc/ssh/ssh_host_ed25519_key
 and