YunoHost/yunohost
1
0
Fork 0
mirror of https://github.com/YunoHost/yunohost.git synced 2024-09-03 20:06:10 +02:00
Code Issues Projects Releases Packages Wiki Activity

global settings: drop the support old DSA hostkey support

Browse source
This commit is contained in:
Alexandre Aubin 2022-08-06 13:05:54 +02:00
parent 133d8b60c1
commit 66901e4f73
4 changed files with 0 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
hooks/conf_regen/03-ssh
View file

@ -14,11 +14,6 @@ do_pre_regen() {
ssh_keys=$(ls /etc/ssh/ssh_host_{ed25519,rsa,ecdsa}_key 2>/dev/null || true) ssh_keys=$(ls /etc/ssh/ssh_host_{ed25519,rsa,ecdsa}_key 2>/dev/null || true)
# Support legacy setting (this setting might be disabled by a user during a migration)
if [[ "$(yunohost settings get 'security.ssh.ssh_allow_deprecated_dsa_hostkey')" == "True" ]]; then
ssh_keys="$ssh_keys $(ls /etc/ssh/ssh_host_dsa_key 2>/dev/null || true)"
fi
# Support different strategy for security configurations # Support different strategy for security configurations
export compatibility="$(yunohost settings get 'security.ssh.ssh_compatibility')" export compatibility="$(yunohost settings get 'security.ssh.ssh_compatibility')"
export port="$(yunohost settings get 'security.ssh.ssh_port')" export port="$(yunohost settings get 'security.ssh.ssh_port')"

2
locales/en.json
View file

@ -390,8 +390,6 @@
"global_settings_setting_smtp_relay_password": "SMTP relay password", "global_settings_setting_smtp_relay_password": "SMTP relay password",
"global_settings_setting_smtp_relay_port": "SMTP relay port", "global_settings_setting_smtp_relay_port": "SMTP relay port",
"global_settings_setting_smtp_relay_user": "SMTP relay user", "global_settings_setting_smtp_relay_user": "SMTP relay user",
"global_settings_setting_ssh_allow_deprecated_dsa_hostkey": "Allow DSA hostkey",
"global_settings_setting_ssh_allow_deprecated_dsa_hostkey_help": "Allow the use of (deprecated) DSA hostkey for the SSH daemon configuration",
"global_settings_setting_ssh_compatibility": "SSH Compatibility", "global_settings_setting_ssh_compatibility": "SSH Compatibility",
"global_settings_setting_ssh_compatibility_help": "Compatibility vs. security tradeoff for the SSH server. Affects the ciphers (and other security-related aspects). See https://infosec.mozilla.org/guidelines/openssh for more info.", "global_settings_setting_ssh_compatibility_help": "Compatibility vs. security tradeoff for the SSH server. Affects the ciphers (and other security-related aspects). See https://infosec.mozilla.org/guidelines/openssh for more info.",
"global_settings_setting_ssh_password_authentication": "Password authentication", "global_settings_setting_ssh_password_authentication": "Password authentication",

4
share/config_global.toml
View file

@ -38,10 +38,6 @@ name = "Security"
type = "boolean" type = "boolean"
default = true default = true
[security.ssh.ssh_allow_deprecated_dsa_hostkey]
type = "boolean"
default = false
[security.nginx] [security.nginx]
name = "NGINX (web server)" name = "NGINX (web server)"
[security.nginx.nginx_redirect_to_https] [security.nginx.nginx_redirect_to_https]

1
src/utils/legacy.py
View file

@ -68,7 +68,6 @@ LEGACY_SETTINGS = {
"security.ssh.compatibility": "security.ssh.ssh_compatibility", "security.ssh.compatibility": "security.ssh.ssh_compatibility",
"security.ssh.port": "security.ssh.ssh_port", "security.ssh.port": "security.ssh.ssh_port",
"security.ssh.password_authentication": "security.ssh.ssh_password_authentication", "security.ssh.password_authentication": "security.ssh.ssh_password_authentication",
"service.ssh.allow_deprecated_dsa_hostkey": "security.ssh.ssh_allow_deprecated_dsa_hostkey",
"security.nginx.redirect_to_https": "security.nginx.nginx_redirect_to_https", "security.nginx.redirect_to_https": "security.nginx.nginx_redirect_to_https",
"security.nginx.compatibility": "security.nginx.nginx_compatibility", "security.nginx.compatibility": "security.nginx.nginx_compatibility",
"security.postfix.compatibility": "security.postfix.postfix_compatibility", "security.postfix.compatibility": "security.postfix.postfix_compatibility",