Merge pull request #92 from techraf/remove-dsa-host-key

Defaults: Remove DSA from SSH host keys to match ssh-baseline profile
dev-sec · Jan 25, 2017 · 45a464b · 45a464b
2 parents 99e063e + 9e85454
commit 45a464b
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -30,7 +30,7 @@ ssh_client_ports: ['22']      # ssh
 ssh_listen_to: ['0.0.0.0']    # sshd
 
 # Host keys to look for when starting sshd.
-ssh_host_key_files: ['/etc/ssh/ssh_host_rsa_key', '/etc/ssh/ssh_host_dsa_key', '/etc/ssh/ssh_host_ecdsa_key']        # sshd
+ssh_host_key_files: ['/etc/ssh/ssh_host_rsa_key', '/etc/ssh/ssh_host_ecdsa_key']        # sshd
 
 # Specifies  the  maximum  number  of authentication attempts permitted per connection.  Once the number of failures reaches half this value, additional failures are logged.
 ssh_max_auth_retries: 2