diff options
| author | zeripath <art27@cantab.net> | 2020-10-09 07:52:57 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-10-09 09:52:57 +0300 |
| commit | ea69ec6f0feb357b82dc2572f88184db507e383b (patch) | |
| tree | e2c89b77999c70f853f4a6d93703338b1ae7d013 /docs/content/doc/advanced/config-cheat-sheet.en-us.md | |
| parent | 06f1cdde6edaf99a78ab18e0c1939a2d6ab30fde (diff) | |
| download | gitea-ea69ec6f0feb357b82dc2572f88184db507e383b.tar.gz gitea-ea69ec6f0feb357b82dc2572f88184db507e383b.zip | |
Disable DSA ssh keys by default (#13056)
* Disable DSA ssh keys by default
OpenSSH has disabled DSA keys since version 7.0
As the docker runs openssh > v7.0 we should just disable
DSA keys by default.
Refers to #11417
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Just disable DSA keys by default
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Appears we need to set the minimum key sizes too
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Appears we need to set the minimum key sizes too
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Remove DSA type
* Fix Tests
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
Diffstat (limited to 'docs/content/doc/advanced/config-cheat-sheet.en-us.md')
| -rw-r--r-- | docs/content/doc/advanced/config-cheat-sheet.en-us.md | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/docs/content/doc/advanced/config-cheat-sheet.en-us.md b/docs/content/doc/advanced/config-cheat-sheet.en-us.md index c2a12a1d8f..36d5af1aef 100644 --- a/docs/content/doc/advanced/config-cheat-sheet.en-us.md +++ b/docs/content/doc/advanced/config-cheat-sheet.en-us.md @@ -258,7 +258,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`. - `SSH_KEYGEN_PATH`: **ssh-keygen**: Path to ssh-keygen, default is 'ssh-keygen' which means the shell is responsible for finding out which one to call. - `SSH_BACKUP_AUTHORIZED_KEYS`: **true**: Enable SSH Authorized Key Backup when rewriting all keys, default is true. - `SSH_EXPOSE_ANONYMOUS`: **false**: Enable exposure of SSH clone URL to anonymous visitors, default is false. -- `MINIMUM_KEY_SIZE_CHECK`: **false**: Indicate whether to check minimum key size with corresponding type. +- `MINIMUM_KEY_SIZE_CHECK`: **true**: Indicate whether to check minimum key size with corresponding type. - `OFFLINE_MODE`: **false**: Disables use of CDN for static files and Gravatar for profile pictures. - `DISABLE_ROUTER_LOG`: **false**: Mute printing of the router log. @@ -479,7 +479,7 @@ Define allowed algorithms and their minimum key length (use -1 to disable a type - `ED25519`: **256** - `ECDSA`: **256** - `RSA`: **2048** -- `DSA`: **1024** +- `DSA`: **-1**: DSA is now disabled by default. Set to **1024** to re-enable but ensure you may need to reconfigure your SSHD provider ## Webhook (`webhook`) |