Skip to content
Snippets Groups Projects
Verified Commit 9d229b84 authored by Kristian Klausen's avatar Kristian Klausen :tada:
Browse files

Remove not used DSA host keys 

It has been disabled client side since 7.0[1] (2015-08-11), server side
since 7.7[2][3] (2018-04-02), default DSA host key generation has been
disabled since 9.1[4] (2022-10-04) and with 9.8[5] (2024-07-01) DSA
support is disabled by default at compile time. In other words, DSA has
de facto been disabled (by default) for years.

From the 9.8 release notes[5]:
"OpenSSH plans to remove support for the DSA signature algorithm in
early 2025"

The DSA host keys have been removed on our servers by running[6]:
ansible all -a "rm /etc/ssh/ssh_host_dsa_key /etc/ssh/ssh_host_dsa_key.pub"

[1] https://www.openssh.com/txt/release-7.0
[2] https://bugzilla.mindrot.org/show_bug.cgi?id=2662
[3] https://github.com/openssh/openssh-portable/commit/88c50a5ae20902715f0fca306bb9c38514f71679
[4] https://www.openssh.com/txt/release-9.1
[5] https://www.openssh.com/txt/release-9.8
[6] #596 (comment 203938)

Fix #596
parent 7709a2f7
No related branches found
No related tags found
Checking pipeline status
Hide whitespace changes
Inline Side-by-side
Showing
with 0 additions and 62 deletions
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment