From 6c9392a8bcffffef973686925f21b3fbec0353ce Mon Sep 17 00:00:00 2001
From: Aurelien Jarno
Date: Wed, 9 Aug 2017 03:12:31 +0200
Subject: [PATCH] sshd_config: remove protocol version 1 specific options

These options are useless as they only apply to protocol version 1, while we explicitely force the protocol to version 2. They have started to fill logs with deprecation warnings on stretch hosts.

Signed-off-by: Aurelien Jarno
---
 modules/ssh/templates/sshd_config.erb | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/modules/ssh/templates/sshd_config.erb b/modules/ssh/templates/sshd_config.erb
index d2ad6b37c..b0e690f2d 100644
--- a/modules/ssh/templates/sshd_config.erb
+++ b/modules/ssh/templates/sshd_config.erb
@@ -30,10 +30,6 @@ HostKey /etc/ssh/ssh_host_ed25519_key
 #Privilege Separation is turned on for security
 UsePrivilegeSeparation yes
-# Lifetime and size of ephemeral version 1 server key
-KeyRegenerationInterval 3600
-ServerKeyBits 1024
-
 # Logging
 SyslogFacility AUTH
 LogLevel INFO
@@ -43,14 +39,11 @@ LoginGraceTime 120
 PermitRootLogin without-password
 StrictModes yes
-RSAAuthentication yes
 PubkeyAuthentication yes
 # Don't read the user's ~/.rhosts and ~/.shosts files
 IgnoreRhosts yes
 # For this to work you will also need host keys in /etc/ssh_known_hosts
-RhostsRSAAuthentication no
-# similar for protocol version 2
 HostbasedAuthentication no
 # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
 #IgnoreUserKnownHosts yes
-- 
2.20.1