From 576f1b99767eec12d97406893a34251bd53fd425 Mon Sep 17 00:00:00 2001 From: Monty Taylor Date: Mon, 20 Aug 2018 09:35:02 -0500 Subject: [PATCH] Remove ssh v1 options from sshd_config The options are deprecated and don't do anything - but they do put warnings into the service logs. Change-Id: If53bc8aecc7df75c99ae71e5adb8189790405795 --- playbooks/roles/base-server/templates/sshd_config.j2 | 7 ------- 1 file changed, 7 deletions(-) diff --git a/playbooks/roles/base-server/templates/sshd_config.j2 b/playbooks/roles/base-server/templates/sshd_config.j2 index 8aa4f8531f..6e636c6593 100644 --- a/playbooks/roles/base-server/templates/sshd_config.j2 +++ b/playbooks/roles/base-server/templates/sshd_config.j2 @@ -15,10 +15,6 @@ HostKey /etc/ssh/ssh_host_ed25519_key #Privilege Separation is turned on for security UsePrivilegeSeparation yes -# Lifetime and size of ephemeral version 1 server key -KeyRegenerationInterval 3600 -ServerKeyBits 768 - # Logging SyslogFacility AUTH LogLevel INFO @@ -28,14 +24,11 @@ LoginGraceTime 120 PermitRootLogin no StrictModes yes -RSAAuthentication yes PubkeyAuthentication yes #AuthorizedKeysFile %h/.ssh/authorized_keys # Don't read the user's ~/.rhosts and ~/.shosts files IgnoreRhosts yes -# For this to work you will also need host keys in /etc/ssh_known_hosts -RhostsRSAAuthentication no # similar for protocol version 2 HostbasedAuthentication no # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication