Remove deprecated options from openssh/files/sshd_config and pillar.example

2025-04-23 06:08:15 +02:00 · 2017-11-12 00:36:34 +01:00 · 2017-11-12 00:36:34 +01:00 · c1d6337620
commit c1d6337620
parent a2dd72bb3e
2 changed files with 1 additions and 13 deletions
--- a/openssh/files/sshd_config
+++ b/openssh/files/sshd_config
@ -101,15 +101,11 @@
 {{ option('ListenAddress', ['::', '0.0.0.0']) }}
 {{ option_default_uncommented('Protocol', 2) }}
 # HostKeys for protocol version 2
-{{ option_default_uncommented('HostKey', ['/etc/ssh/ssh_host_rsa_key', '/etc/ssh/ssh_host_dsa_key', '/etc/ssh/ssh_host_ecdsa_key', '/etc/ssh/ssh_host_ed25519_key']) -}}
+{{ option_default_uncommented('HostKey', ['/etc/ssh/ssh_host_rsa_key', '/etc/ssh/ssh_host_ecdsa_key', '/etc/ssh/ssh_host_ed25519_key']) -}}

 #Privilege Separation is turned on for security
 {{ option_default_uncommented('UsePrivilegeSeparation', 'sandbox') }}

-# Lifetime and size of ephemeral version 1 server key
-{{ option_default_uncommented('KeyRegenerationInterval', 3600) }}
-{{ option_default_uncommented('ServerKeyBits', 1024) }}
-
 # Logging
 {{ option_default_uncommented('SyslogFacility', 'AUTH') }}
 {{ option_default_uncommented('LogLevel', 'INFO') }}
@ -126,7 +122,6 @@
 {{ option_default_uncommented('MaxSessions', '10') }}

 {{ option('DSAAuthentication', 'yes') }}
-{{ option_default_uncommented('RSAAuthentication', 'yes') }}
 {{ option_default_uncommented('PubkeyAuthentication', 'yes') }}
 {{ option('AuthorizedKeysFile', '%h/.ssh/authorized_keys') }}
 {{ option('AuthorizedKeysCommand', 'none') }}
@ -134,8 +129,6 @@

 # Don't read the user's ~/.rhosts and ~/.shosts files
 {{ option_default_uncommented('IgnoreRhosts', 'yes') }}
-# For this to work you will also need host keys in /etc/ssh_known_hosts
-{{ option_default_uncommented('RhostsRSAAuthentication', 'no') }}
 # similar for protocol version 2
 {{ option_default_uncommented('HostbasedAuthentication', 'no') }}
 # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
--- a/pillar.example
+++ b/pillar.example
@ -8,12 +8,9 @@ sshd_config:
  Protocol: 2
  HostKey:
    - /etc/ssh/ssh_host_rsa_key
-    - /etc/ssh/ssh_host_dsa_key
    - /etc/ssh/ssh_host_ecdsa_key
    - /etc/ssh/ssh_host_ed25519_key
  UsePrivilegeSeparation: 'sandbox'
-  KeyRegenerationInterval: 3600
-  ServerKeyBits: 1024
  SyslogFacility: AUTH
  LogLevel: INFO
  ClientAliveInterval: 0
@ -148,8 +145,6 @@ ssh_config:
  StrictHostKeyChecking: no
  ForwardAgent: no
  ForwardX11: no
-  RhostsRSAAuthentication: no
-  RSAAuthentication: yes
  PasswordAuthentication: yes
  HostbasedAuthentication: no
  GSSAPIAuthentication: no