webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-28 11:43:25 +02:00
Code Issues Packages Projects Releases Wiki Activity

Do not create any DSA keys any more

Browse Source 
DSA is considered weak cryptography

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This commit is contained in:
Michael Tremer
2015-08-20 23:20:44 +01:00
parent cec620efdf
commit 04da8aa70a
3 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
config/rootfiles/core/94/filelists/files
View File

@@ -1,3 +1,4 @@
etc/system-release etc/system-release
etc/issue etc/issue
etc/rc.d/init.d/sshd
var/ipfire/langs var/ipfire/langs

3
config/rootfiles/core/94/update.sh
View File

@@ -45,6 +45,9 @@ extract_files
sed -i /etc/ssh/sshd_config \ sed -i /etc/ssh/sshd_config \
-e 's/^#\?PermitRootLogin .*$$/PermitRootLogin yes/' -e 's/^#\?PermitRootLogin .*$$/PermitRootLogin yes/'
# Move away old and unsupported keys
mv -f /etc/ssh/ssh_host_dsa_key{,.old}
# Start services # Start services
/etc/init.d/dnsmasq start /etc/init.d/dnsmasq start
/etc/init.d/sshd start /etc/init.d/sshd start

2
src/initscripts/init.d/sshd
View File

@@ -18,7 +18,7 @@ case "$1" in
evaluate_retval evaluate_retval
fi fi
for algo in rsa dsa ecdsa ed25519; do for algo in rsa ecdsa ed25519; do
keyfile="/etc/ssh/ssh_host_${algo}_key" keyfile="/etc/ssh/ssh_host_${algo}_key"
# If the key already exists, there is nothing to do. # If the key already exists, there is nothing to do.