Page MenuHomeDevCentral

D1380.diff
No OneTemporary

D1380.diff

diff --git a/roles/core/sshd/files/sshd_config b/roles/core/sshd/files/sshd_config
--- a/roles/core/sshd/files/sshd_config
+++ b/roles/core/sshd/files/sshd_config
@@ -18,6 +18,13 @@
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
+{% if grains['os'] == 'CentOS' -%}
+# Don't use host DSA key (CentOS by default uses it, see T1352)
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_ecdsa_key
+HostKey /etc/ssh/ssh_host_ed25519_key
+{%- endif %}
+
# Nasqueron servers authentication should only occur through SSH keys
# but PAM can offer extra capabilities if needed like OTP.
PasswordAuthentication no

File Metadata

Mime Type
text/plain
Expires
Wed, Nov 27, 04:47 (17 h, 8 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
2265990
Default Alt Text
D1380.diff (692 B)

Event Timeline