From fdd80b3518f1be1c7e85d7fcb7df0fdc29f01c0a Mon Sep 17 00:00:00 2001 From: naddy Date: Tue, 19 Sep 2023 15:02:54 +0000 Subject: [PATCH] etc: drop vestiges of obsolete DSA ssh host keys It has been 8 years since DSA keys were disabled by default for ssh/sshd, and 15 months since ssh-keygen -A belatedly stopped generating DSA host keys. ok semarie@ deraadt@ --- etc/changelist | 4 +--- etc/mtree/special | 4 +--- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/etc/changelist b/etc/changelist index 10f546b7986..ad69d8bb252 100644 --- a/etc/changelist +++ b/etc/changelist @@ -1,4 +1,4 @@ -# $OpenBSD: changelist,v 1.136 2023/04/24 16:36:54 kn Exp $ +# $OpenBSD: changelist,v 1.137 2023/09/19 15:02:54 naddy Exp $ # # List of files which the security script backs up and checks # for modifications. @@ -126,8 +126,6 @@ +/etc/soii.key +/etc/spwd.db /etc/ssh/ssh_config -+/etc/ssh/ssh_host_dsa_key -/etc/ssh/ssh_host_dsa_key.pub +/etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ecdsa_key.pub +/etc/ssh/ssh_host_ed25519_key diff --git a/etc/mtree/special b/etc/mtree/special index dbe1aa7594e..e208ce290d3 100644 --- a/etc/mtree/special +++ b/etc/mtree/special @@ -1,4 +1,4 @@ -# $OpenBSD: special,v 1.128 2022/05/12 22:13:06 sthen Exp $ +# $OpenBSD: special,v 1.129 2023/09/19 15:02:55 naddy Exp $ # # Hand-crafted mtree specification for the dangerous files. # @@ -101,8 +101,6 @@ soii.key type=file mode=0600 uname=root gname=wheel optional spwd.db type=file mode=0640 uname=root gname=_shadow ssh type=dir mode=0755 uname=root gname=wheel optional ssh_config type=file mode=0644 uname=root gname=wheel -ssh_host_dsa_key type=file mode=0600 uname=root gname=wheel optional -ssh_host_dsa_key.pub type=file mode=0644 uname=root gname=wheel optional ssh_host_ecdsa_key type=file mode=0600 uname=root gname=wheel optional ssh_host_ecdsa_key.pub type=file mode=0644 uname=root gname=wheel optional ssh_host_ed25519_key type=file mode=0600 uname=root gname=wheel optional -- 2.20.1