upstream: stop loading DSA keys by default, remove sshd_config

stanza and manpage bits; from Colin Watson via bz#2662, ok dtucker@

OpenBSD-Commit-ID: d33a849f481684ff655c140f5eb1b4acda8c5c09

servconf.c

@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.323 2018/02/09 02:37:36 dtucker Exp $ */
+/* $OpenBSD: servconf.c,v 1.324 2018/02/16 02:32:40 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -247,8 +247,6 @@ fill_default_server_options(ServerOptions *options)
 		/* fill default hostkeys for protocols */
 		servconf_add_hostkey("[default]", 0, options,
 		    _PATH_HOST_RSA_KEY_FILE);
-		servconf_add_hostkey("[default]", 0, options,
-		    _PATH_HOST_DSA_KEY_FILE);
 #ifdef OPENSSL_HAS_ECC
 		servconf_add_hostkey("[default]", 0, options,
 		    _PATH_HOST_ECDSA_KEY_FILE);

sshd.8

@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.294 2018/02/05 04:02:53 djm Exp $
+.\" $OpenBSD: sshd.8,v 1.295 2018/02/16 02:32:40 djm Exp $
-.Dd $Mdocdate: February 5 2018 $
+.Dd $Mdocdate: February 16 2018 $
 .Dt SSHD 8
 .Os
 .Sh NAME
@@ -166,7 +166,6 @@ This option must be given if
 is not run as root (as the normal
 host key files are normally not readable by anyone but root).
 The default is
-.Pa /etc/ssh/ssh_host_dsa_key ,
 .Pa /etc/ssh/ssh_host_ecdsa_key ,
 .Pa /etc/ssh/ssh_host_ed25519_key
 and
@@ -874,7 +873,6 @@ This file is used in exactly the same way as
 but allows host-based authentication without permitting login with
 rlogin/rsh.
 .Pp
-.It Pa /etc/ssh/ssh_host_dsa_key
 .It Pa /etc/ssh/ssh_host_ecdsa_key
 .It Pa /etc/ssh/ssh_host_ed25519_key
 .It Pa /etc/ssh/ssh_host_rsa_key
@@ -885,7 +883,6 @@ Note that
 .Nm
 does not start if these files are group/world-accessible.
 .Pp
-.It Pa /etc/ssh/ssh_host_dsa_key.pub
 .It Pa /etc/ssh/ssh_host_ecdsa_key.pub
 .It Pa /etc/ssh/ssh_host_ed25519_key.pub
 .It Pa /etc/ssh/ssh_host_rsa_key.pub

sshd_config

@@ -1,4 +1,4 @@
-#	$OpenBSD: sshd_config,v 1.101 2017/03/14 07:19:07 djm Exp $
+#	$OpenBSD: sshd_config,v 1.102 2018/02/16 02:32:40 djm Exp $
 
 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.
@@ -16,7 +16,6 @@
 #ListenAddress ::
 
 #HostKey /etc/ssh/ssh_host_rsa_key
-#HostKey /etc/ssh/ssh_host_dsa_key
 #HostKey /etc/ssh/ssh_host_ecdsa_key
 #HostKey /etc/ssh/ssh_host_ed25519_key
 

sshd_config.5

@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.261 2018/02/10 06:54:38 djm Exp $
+.\" $OpenBSD: sshd_config.5,v 1.262 2018/02/16 02:32:40 djm Exp $
-.Dd $Mdocdate: February 10 2018 $
+.Dd $Mdocdate: February 16 2018 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -714,7 +714,6 @@ is not to load any certificates.
 Specifies a file containing a private host key
 used by SSH.
 The defaults are
-.Pa /etc/ssh/ssh_host_dsa_key ,
 .Pa /etc/ssh/ssh_host_ecdsa_key ,
 .Pa /etc/ssh/ssh_host_ed25519_key
 and