From 66901e4f73e784c612742c8cec86e31e1586ab37 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Sat, 6 Aug 2022 13:05:54 +0200 Subject: [PATCH] global settings: drop the support old DSA hostkey support --- hooks/conf_regen/03-ssh | 5 ----- locales/en.json | 2 -- share/config_global.toml | 4 ---- src/utils/legacy.py | 1 - 4 files changed, 12 deletions(-) diff --git a/hooks/conf_regen/03-ssh b/hooks/conf_regen/03-ssh index eb548d4f4..832e07015 100755 --- a/hooks/conf_regen/03-ssh +++ b/hooks/conf_regen/03-ssh @@ -14,11 +14,6 @@ do_pre_regen() { ssh_keys=$(ls /etc/ssh/ssh_host_{ed25519,rsa,ecdsa}_key 2>/dev/null || true) - # Support legacy setting (this setting might be disabled by a user during a migration) - if [[ "$(yunohost settings get 'security.ssh.ssh_allow_deprecated_dsa_hostkey')" == "True" ]]; then - ssh_keys="$ssh_keys $(ls /etc/ssh/ssh_host_dsa_key 2>/dev/null || true)" - fi - # Support different strategy for security configurations export compatibility="$(yunohost settings get 'security.ssh.ssh_compatibility')" export port="$(yunohost settings get 'security.ssh.ssh_port')" diff --git a/locales/en.json b/locales/en.json index 1180415ad..dd0361424 100644 --- a/locales/en.json +++ b/locales/en.json @@ -390,8 +390,6 @@ "global_settings_setting_smtp_relay_password": "SMTP relay password", "global_settings_setting_smtp_relay_port": "SMTP relay port", "global_settings_setting_smtp_relay_user": "SMTP relay user", - "global_settings_setting_ssh_allow_deprecated_dsa_hostkey": "Allow DSA hostkey", - "global_settings_setting_ssh_allow_deprecated_dsa_hostkey_help": "Allow the use of (deprecated) DSA hostkey for the SSH daemon configuration", "global_settings_setting_ssh_compatibility": "SSH Compatibility", "global_settings_setting_ssh_compatibility_help": "Compatibility vs. security tradeoff for the SSH server. Affects the ciphers (and other security-related aspects). See https://infosec.mozilla.org/guidelines/openssh for more info.", "global_settings_setting_ssh_password_authentication": "Password authentication", diff --git a/share/config_global.toml b/share/config_global.toml index 49a674627..f64ef65a7 100644 --- a/share/config_global.toml +++ b/share/config_global.toml @@ -38,10 +38,6 @@ name = "Security" type = "boolean" default = true - [security.ssh.ssh_allow_deprecated_dsa_hostkey] - type = "boolean" - default = false - [security.nginx] name = "NGINX (web server)" [security.nginx.nginx_redirect_to_https] diff --git a/src/utils/legacy.py b/src/utils/legacy.py index 1ef3c1023..df6c10025 100644 --- a/src/utils/legacy.py +++ b/src/utils/legacy.py @@ -68,7 +68,6 @@ LEGACY_SETTINGS = { "security.ssh.compatibility": "security.ssh.ssh_compatibility", "security.ssh.port": "security.ssh.ssh_port", "security.ssh.password_authentication": "security.ssh.ssh_password_authentication", - "service.ssh.allow_deprecated_dsa_hostkey": "security.ssh.ssh_allow_deprecated_dsa_hostkey", "security.nginx.redirect_to_https": "security.nginx.nginx_redirect_to_https", "security.nginx.compatibility": "security.nginx.nginx_compatibility", "security.postfix.compatibility": "security.postfix.postfix_compatibility",