From 922f3a7599d03234b6bb2ffb22a33624e7cf1953 Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Mon, 16 Jan 2017 13:53:04 +0000
Subject: Remove ssh_host_dsa_key from HostKey default

The client no longer accepts DSA host keys, and servers using the
default HostKey setting should have better host keys available.

Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=2662
Bug-Debian: https://bugs.debian.org/850614
Last-Update: 2017-01-16

Patch-Name: no-dsa-host-key-by-default.patch
---
 sshd.8 | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

(limited to 'sshd.8')

diff --git a/sshd.8 b/sshd.8
index 02c5e1dfd..8c2306579 100644
--- a/sshd.8
+++ b/sshd.8
@@ -164,11 +164,10 @@ This option must be given if
 is not run as root (as the normal
 host key files are normally not readable by anyone but root).
 The default is
-.Pa /etc/ssh/ssh_host_dsa_key ,
-.Pa /etc/ssh/ssh_host_ecdsa_key ,
-.Pa /etc/ssh/ssh_host_ed25519_key
+.Pa /etc/ssh/ssh_host_rsa_key ,
+.Pa /etc/ssh/ssh_host_ecdsa_key
 and
-.Pa /etc/ssh/ssh_host_rsa_key .
+.Pa /etc/ssh/ssh_host_ed25519_key .
 It is possible to have multiple host key files for
 the different host key algorithms.
 .It Fl i
-- 
cgit v1.2.3