PSARC/2016/216 OpenSSH 7.2p2 upgrade. Host keys and moduli updates
23030875 network/ssh SMF method: generate correct host key types
--- a/components/openssh/patches/040-default_config_files.patch Wed Apr 20 13:13:57 2016 -0700
+++ b/components/openssh/patches/040-default_config_files.patch Wed Apr 20 13:13:57 2016 -0700
@@ -122,7 +122,7 @@
+# Host private key files
+# Must be on a local disk and readable only by the root user (root:sys 600).
+HostKey /etc/ssh/ssh_host_rsa_key
-+HostKey /etc/ssh/ssh_host_dsa_key
++HostKey /etc/ssh/ssh_host_ed25519_key
+
+# sshd regenerates the key every KeyRegenerationInterval seconds.
+# The key is never stored anywhere except the memory of sshd.
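Review bot: The new `HostKey /etc/ssh/ssh_host_ed25519_key` line replaces the DSA entry without any comment saying why. An sshd_config preserved from before the upgrade will presumably still name `/etc/ssh/ssh_host_dsa_key`, which the SMF method no longer creates. A one-line comment above the key list would help administrators reconcile the two, e.g. `# DSA host keys are no longer generated; ssh-dss is disabled by default in OpenSSH 7.x.` The context lines about KeyRegenerationInterval describe the protocol 1 server key and may deserve a second look in the same upgrade, though they are outside this change.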
--- a/components/openssh/sources/sshd.sh Wed Apr 20 13:13:57 2016 -0700
+++ b/components/openssh/sources/sshd.sh Wed Apr 20 13:13:57 2016 -0700
@@ -136,13 +136,13 @@
# sysidconfig/sys-unconfig arguments (-c and -u)
'-c')
create_key $SSHDIR/ssh_host_rsa_key rsa
- create_key $SSHDIR/ssh_host_dsa_key dsa
+ create_key $SSHDIR/ssh_host_ed25519_key ed25519
;;
'-u')
# sysconfig unconfigure to remove the sshd host keys
remove_key $SSHDIR/ssh_host_rsa_key
- remove_key $SSHDIR/ssh_host_dsa_key
+ remove_key $SSHDIR/ssh_host_ed25519_key
;;
# SMF arguments (start and restart [really "refresh"])
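Review bot: The `'-u'` branch no longer removes `ssh_host_dsa_key`, so on a system configured before this upgrade the legacy DSA host private key stays on disk after unconfigure. Unconfigure appears intended to strip the host's SSH identity, so leftover private key material could be carried into whatever is built from that system. I would keep the old removal next to the new one, `remove_key $SSHDIR/ssh_host_dsa_key`, with a comment such as `# also remove a DSA key left by pre-upgrade configurations`. This assumes remove_key tolerates a missing file, which is not visible here. The case statement starts and ends outside the hunk.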
@@ -154,7 +154,7 @@
# the install media).
#
create_key $SSHDIR/ssh_host_rsa_key rsa
- create_key $SSHDIR/ssh_host_dsa_key dsa
+ create_key $SSHDIR/ssh_host_ed25519_key ed25519
#
# Make sure, that /etc/ssh/sshd_config does not contain single line