From: Tomasz Pala <gotar@pld-linux.org>
Date: Mon, 22 Aug 2016 11:56:38 +0000 (+0200)
Subject: do not enable upstream-disabled DSA keys
X-Git-Tag: auto/th/openssh-7.3p1-2~3
X-Git-Url: http://git.pld-linux.org/?p=packages%2Fopenssh.git;a=commitdiff_plain;h=aeeeb6db5b62e6bf029c88e8ec0478a118baa859

do not enable upstream-disabled DSA keys

reenabling them (temporarily) should be consciuos admin decision to follow
transition period until they are ultimately removed from openssh. Note
the double-hash comment to indicate, that this is only a hint, not default
---

diff --git a/openssh-config.patch b/openssh-config.patch
index e48b3f2..9f74e69 100644
--- a/openssh-config.patch
+++ b/openssh-config.patch
@@ -15,7 +15,7 @@
  #PermitEmptyPasswords no
 +
 +# Allow DSA keys
-+PubkeyAcceptedKeyTypes +ssh-dss
++## PubkeyAcceptedKeyTypes +ssh-dss
  
  # Change to no to disable s/key passwords
  #ChallengeResponseAuthentication yes