This key has been removed on new installations.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org --- config/ssh/sshd_config | 1 - 1 file changed, 1 deletion(-)
diff --git a/config/ssh/sshd_config b/config/ssh/sshd_config index e338f8cef..09d771b9a 100644 --- a/config/ssh/sshd_config +++ b/config/ssh/sshd_config @@ -27,7 +27,6 @@ MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@op # Only allow cryptographically safe SSH host keys (adjust paths if needed) HostKey /etc/ssh/ssh_host_ed25519_key HostKey /etc/ssh/ssh_host_ecdsa_key -HostKey /etc/ssh/ssh_host_rsa_key
# Only allow login via public key by default PubkeyAuthentication yes
Signed-off-by: Michael Tremer michael.tremer@ipfire.org --- config/rootfiles/core/190/update.sh | 8 ++++++++ 1 file changed, 8 insertions(+)
diff --git a/config/rootfiles/core/190/update.sh b/config/rootfiles/core/190/update.sh index 16ef608e2..3950ba903 100644 --- a/config/rootfiles/core/190/update.sh +++ b/config/rootfiles/core/190/update.sh @@ -104,6 +104,14 @@ ldconfig # Filesytem cleanup /usr/local/bin/filesystem-cleanup
+# Load the RSA key on systems that still have one +if [ -e "/etc/ssh/ssh_host_rsa_key" ]; then + ( + echo "# Load the legacy RSA key - Deprecated in Core Update 190" + echo "HostKey /etc/ssh/ssh_host_rsa_key" + ) > /etc/ssh/sshd_config.d/rsa.conf +fi + # Apply local configuration to sshd_config /usr/local/bin/sshctrl