* Disable DSA ssh keys by default
OpenSSH has disabled DSA keys since version 7.0
As the docker runs openssh > v7.0 we should just disable
DSA keys by default.
Refers to #11417
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Just disable DSA keys by default
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Appears we need to set the minimum key sizes too
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Appears we need to set the minimum key sizes too
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Remove DSA type
* Fix Tests
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
@ -258,7 +258,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
- `SSH_KEYGEN_PATH`: **ssh-keygen**: Path to ssh-keygen, default is 'ssh-keygen' which means the shell is responsible for finding out which one to call.
- `SSH_KEYGEN_PATH`: **ssh-keygen**: Path to ssh-keygen, default is 'ssh-keygen' which means the shell is responsible for finding out which one to call.
- `SSH_BACKUP_AUTHORIZED_KEYS`: **true**: Enable SSH Authorized Key Backup when rewriting all keys, default is true.
- `SSH_BACKUP_AUTHORIZED_KEYS`: **true**: Enable SSH Authorized Key Backup when rewriting all keys, default is true.
- `SSH_EXPOSE_ANONYMOUS`: **false**: Enable exposure of SSH clone URL to anonymous visitors, default is false.
- `SSH_EXPOSE_ANONYMOUS`: **false**: Enable exposure of SSH clone URL to anonymous visitors, default is false.
- `MINIMUM_KEY_SIZE_CHECK`: **false**: Indicate whether to check minimum key size with corresponding type.
- `MINIMUM_KEY_SIZE_CHECK`: **true**: Indicate whether to check minimum key size with corresponding type.
- `OFFLINE_MODE`: **false**: Disables use of CDN for static files and Gravatar for profile pictures.
- `OFFLINE_MODE`: **false**: Disables use of CDN for static files and Gravatar for profile pictures.
- `DISABLE_ROUTER_LOG`: **false**: Mute printing of the router log.
- `DISABLE_ROUTER_LOG`: **false**: Mute printing of the router log.
@ -479,7 +479,7 @@ Define allowed algorithms and their minimum key length (use -1 to disable a type
- `ED25519`: **256**
- `ED25519`: **256**
- `ECDSA`: **256**
- `ECDSA`: **256**
- `RSA`: **2048**
- `RSA`: **2048**
- `DSA`: **1024**
- `DSA`: **-1**: DSA is now disabled by default. Set to **1024** to re-enable but ensure you may need to reconfigure your SSHD provider