From mboxrd@z Thu Jan  1 00:00:00 1970
From: Peter =?utf-8?q?M=C3=BCller?= <peter.mueller@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH 3/5] sshd_config: Drop RSA key
Date: Fri, 20 Sep 2024 14:20:20 +0000
Message-ID: <20240920142022.589371-3-peter.mueller@ipfire.org>
In-Reply-To: <20240920142022.589371-1-peter.mueller@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============5091864447793040903=="
List-Id: <development.lists.ipfire.org>

--===============5091864447793040903==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Signed-off-by: Peter M=C3=BCller <peter.mueller(a)ipfire.org>
---
 config/ssh/sshd_config | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/config/ssh/sshd_config b/config/ssh/sshd_config
index 76c9b3eb1..630370411 100644
--- a/config/ssh/sshd_config
+++ b/config/ssh/sshd_config
@@ -24,10 +24,9 @@ KexAlgorithms sntrup761x25519-sha512(a)openssh.com,curve25=
519-sha256,curve25519-sh
 Ciphers chacha20-poly1305(a)openssh.com,aes256-gcm(a)openssh.com,aes128-gcm(=
a)openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
 MACs hmac-sha2-512-etm(a)openssh.com,hmac-sha2-256-etm(a)openssh.com,umac-12=
8-etm(a)openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128(a)openssh.com
=20
-# Only allow cryptographically safe SSH host keys (adjust paths if needed)
+# Only allow cryptographically safe SSH host keys
 HostKey /etc/ssh/ssh_host_ed25519_key
 HostKey /etc/ssh/ssh_host_ecdsa_key
-HostKey /etc/ssh/ssh_host_rsa_key
=20
 # Only allow login via public key by default
 PubkeyAuthentication yes
--=20
2.39.5


--===============5091864447793040903==--