On 2015-03-12, John Long <[email protected]> wrote:

>> You can simply configure HostKey in /etc/ssh/sshd_config.
>
> With that done a client can still do pubkey auth with a DSA key. (How) can I
> stop sshd from accepting client keys a user might include in
> ~/.ssh/authorized_keys other than RSA keys?

By setting PubkeyAcceptedKeyTypes accordingly in sshd_config.
This has _nothing_ to do with the server keys.

> Given I do understand that if ssh-keygen -A isn't run at startup none of the
> keys I deleted will come back, and given that's what I really want even if
> new ciphers get added in the future, are there any other issues to be aware
> of regarding removing ssh-keygen -A from the startup?

/etc/rc isn't a configuration file. When you upgrade OpenBSD,
/etc/rc will be overwritten and your changes will be lost.

I don't understand why you insist on deleting the server keys.

--
Christian "naddy" Weisgerber [email protected]
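
Added example (not part of the original message and not OpenSSH code): a Python check that lists which entries in an authorized_keys file would stop being accepted once PubkeyAcceptedKeyTypes is restricted, so affected users can be told before the change. The ssh-rsa allow-list, the helper names and the sample keys are assumptions constructed for illustration.

```python
import base64
import re
import struct

# Assumption: the server is configured with "PubkeyAcceptedKeyTypes ssh-rsa".
ALLOWED = {"ssh-rsa"}
# A field is a run of non-blanks; blanks inside "..." (option values) do not split.
FIELD = re.compile(r'(?:"(?:\\.|[^"\\])*"|\S)+')

def blob_type(b64):
    """Return the key type named inside a base64 key blob, or None."""
    try:
        raw = base64.b64decode(b64, validate=True)
        (n,) = struct.unpack(">I", raw[:4])
    except (ValueError, struct.error):
        return None
    return raw[4:4 + n].decode("ascii", "replace") if 0 < n <= len(raw) - 4 else None

def audit(text, allowed=ALLOWED):
    """Return [(line_no, key_type)] for entries sshd would stop accepting."""
    rejected = []
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        f = FIELD.findall(line)
        # The key type is field 0, or field 1 when the line starts with options.
        # It is confirmed against the type string embedded in the blob after it.
        hit = next((f[i] for i in (0, 1)
                    if len(f) > i + 1 and blob_type(f[i + 1]) == f[i]), None)
        if hit is None:
            rejected.append((no, "unparsable"))
        elif hit not in allowed:
            rejected.append((no, hit))
    return rejected

def fake_key(t):
    """Constructed blob: real type header, dummy key material (not a usable key)."""
    return base64.b64encode(struct.pack(">I", len(t)) + t.encode() + b"\0" * 16).decode()

SAMPLE = "\n".join([  # constructed authorized_keys content
    f"ssh-rsa {fake_key('ssh-rsa')} alice@laptop",
    f"ssh-dss {fake_key('ssh-dss')} old-dsa-key",
    f'command="echo hi there",no-pty ssh-ed25519 {fake_key("ssh-ed25519")} backup',
    f'from="10.0.0.*" ssh-rsa {fake_key("ssh-rsa")} bob',
])

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run it over each user's ~/.ssh/authorized_keys by passing the file contents to audit(); the returned line numbers point at the entries to replace.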

