More explicit name for setting

data/hooks/conf_regen/03-ssh

@@ -13,8 +13,8 @@ do_pre_regen() {
       [[ -f /proc/net/if_inet6 ]] \
         || sed -i "s/ListenAddress ::/#ListenAddress ::/g" sshd_config
 
-      # Add DSA HostKey to let user remove it with migration 7
-      if [[ "$(yunohost settings get 'service.ssh._deprecated_dsa_hostkey')" == "True" ]]; then
+      # Support legacy setting (this setting might be disabled by a user during a migration)
+      if [[ "$(yunohost settings get 'service.ssh.allow_deprecated_dsa_hostkey')" == "True" ]]; then
           sed -i '/HostKey \/etc\/ssh\/ssh_host_rsa_key/a HostKey /etc/ssh/ssh_host_dsa_key' sshd_config
       fi
 

src/yunohost/data_migrations/0006_ssh_conf_managed_by_yunohost_step1.py

@@ -23,13 +23,13 @@ class MyMigration(Migration):
     This is the first step of a couple of migrations that ensure SSH conf is
     managed by YunoHost (even if the "from_script" flag is present, which was
     previously preventing it from being managed by YunoHost)
-    
+
     The goal of this first (automatic) migration is to make sure that the
     sshd_config is managed by the regen-conf mechanism.
 
     If the from_script flag exists, then we keep the current SSH conf such that it
     will appear as "manually modified" to the regenconf.
-    
+
     In step 2 (manual), the admin will be able to choose wether or not to actually
     use the recommended configuration, with an appropriate disclaimer.
     """
@@ -44,15 +44,15 @@ class MyMigration(Migration):
                 dsa = True
                 break
         if dsa:
-            settings_set("service.ssh._deprecated_dsa_hostkey", True)
+            settings_set("service.ssh.allow_deprecated_dsa_hostkey", True)
 
         # Create sshd_config.d dir
         if not os.path.exists(SSHD_CONF + '.d'):
             mkdir(SSHD_CONF + '.d', 0755, uid='root', gid='root')
 
         # Here, we make it so that /etc/ssh/sshd_config is managed
-        # by the regen conf (in particular in the case where the 
-        # from_script flag is present - in which case it was *not* 
+        # by the regen conf (in particular in the case where the
+        # from_script flag is present - in which case it was *not*
         # managed by the regenconf)
         # But because we can't be sure the user wants to use the
         # recommended conf, we backup then restore the /etc/ssh/sshd_config

src/yunohost/data_migrations/0007_ssh_conf_managed_by_yunohost_step2.py

@@ -28,7 +28,7 @@ class MyMigration(Migration):
     """
 
     def migrate(self):
-        settings_set("service.ssh._deprecated_dsa_hostkey", False)
+        settings_set("service.ssh.allow_deprecated_dsa_hostkey", False)
         service_regen_conf(names=['ssh'], force=True)
 
     def backward(self):
@@ -44,7 +44,7 @@ class MyMigration(Migration):
         # (basically nothing shall change)
         ynh_hash = _get_conf_hashes('ssh').get(SSHD_CONF, None)
         current_hash = _calculate_hash(SSHD_CONF)
-        dsa = settings_get("service.ssh._deprecated_dsa_hostkey")
+        dsa = settings_get("service.ssh.allow_deprecated_dsa_hostkey")
         if ynh_hash == current_hash and not dsa:
             return "auto"
 

src/yunohost/settings.py

@@ -39,7 +39,7 @@ DEFAULTS = OrderedDict([
     # -1 disabled, 0 alert if listed, 1 8-letter, 2 normal, 3 strong, 4 strongest
     ("security.password.admin.strength", {"type": "int", "default": 1}),
     ("security.password.user.strength", {"type": "int", "default": 1}),
-    ("service.ssh._deprecated_dsa_hostkey", {"type": "bool", "default": False}),
+    ("service.ssh.allow_deprecated_dsa_hostkey", {"type": "bool", "default": False}),
 ])