From: Tom Hughes
Date: Tue, 16 Jun 2020 18:37:40 +0000 (+0100)
Subject: Remove any legacy DSA host keys
X-Git-Url: https://git.openstreetmap.org./chef.git/commitdiff_plain/23010095caf811ead98b5bf04585fab1329459bd

Remove any legacy DSA host keys
---

diff --git a/cookbooks/openssh/recipes/default.rb b/cookbooks/openssh/recipes/default.rb
index 3349dc85d..c5738f45b 100644
--- a/cookbooks/openssh/recipes/default.rb
+++ b/cookbooks/openssh/recipes/default.rb
@@ -28,6 +28,14 @@ service "ssh" do
 supports :status => true, :restart => true, :reload => true
 end
 
+file "/etc/ssh/ssh_host_dsa_key" do
+ action :delete
+end
+
+file "/etc/ssh/ssh_host_dsa_key.pub" do
+ action :delete
+end
+
 hosts = search(:node, "networking:interfaces").sort_by { |n| n[:hostname] }.collect do |node|
 name = node.name.split(".").first
 
@@ -42,8 +50,7 @@ hosts = search(:node, "networking:interfaces").sort_by { |n| n[:hostname] }.coll
 end
 
 keys = {
- "ssh-rsa" => node[:keys][:ssh][:host_rsa_public],
- "ssh-dss" => node[:keys][:ssh][:host_dsa_public]
+ "ssh-rsa" => node[:keys][:ssh][:host_rsa_public]
 }
 
 if node[:keys][:ssh][:host_ecdsa_public]
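Review bot: The two `file` resources added in the first hunk delete `/etc/ssh/ssh_host_dsa_key` and its `.pub` without notifying the `service "ssh"` resource declared just above them, so an sshd that loaded the DSA key at startup may keep presenting it until its next restart. Adding `notifies :reload, "service[ssh]"` to each resource would make the removal take effect in the same Chef run. The sshd_config managed by this cookbook is not visible in the diff; if it still carries a `HostKey /etc/ssh/ssh_host_dsa_key` line, that line should go in the same change, otherwise sshd will log a missing-key error on every start. A short comment above the resources saying why DSA is being retired (1024-bit keys, `ssh-dss` disabled by default in current OpenSSH) would help the next reader, and it is worth confirming that nothing on the hosts, such as package scripts or `ssh-keygen -A`, regenerates the key after deletion.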