Do not create any DSA keys any more

DSA is considered weak cryptography

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

config/rootfiles/core/94/filelists/files

@@ -1,3 +1,4 @@
 etc/system-release
 etc/issue
+etc/rc.d/init.d/sshd
 var/ipfire/langs

config/rootfiles/core/94/update.sh

@@ -45,6 +45,9 @@ extract_files
 sed -i /etc/ssh/sshd_config \
 	-e 's/^#\?PermitRootLogin .*$$/PermitRootLogin yes/'
 
+# Move away old and unsupported keys
+mv -f /etc/ssh/ssh_host_dsa_key{,.old}
+
 # Start services
 /etc/init.d/dnsmasq start
 /etc/init.d/sshd start

src/initscripts/init.d/sshd

@@ -18,7 +18,7 @@ case "$1" in
 		evaluate_retval
 	fi
 
-	for algo in rsa dsa ecdsa ed25519; do
+	for algo in rsa ecdsa ed25519; do
 		keyfile="/etc/ssh/ssh_host_${algo}_key"
 
 		# If the key already exists, there is nothing to do.