remove sha1 in sshd_config

remove-sha1-in-sshd-config.patch

@@ -0,0 +1,27 @@
+From 3c25aca73660fcf4b381603c9422e3fd54d8dbc8 Mon Sep 17 00:00:00 2001
+From: renmingshuai <renmingshuai@huawei.com>
+Date: Mon, 7 Feb 2022 19:26:17 +0800
+Subject: [PATCH] remove sha1 in sshd_config
+
+---
+ security.conf | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/security.conf b/security.conf
+index 72bb91e..42d972d 100644
+--- a/security.conf
++++ b/security.conf
+@@ -97,6 +97,10 @@
+ #CVE-2015-4000
+ 121@m@/etc/ssh/sshd_config@KexAlgorithms@ curve25519-sha256,curve25519-sha256@@libssh.org,diffie-hellman-group-exchange-sha256
+ 
++122@m@/etc/ssh/sshd_config@HostbasedAcceptedKeytypes@ ssh-ed25519,ssh-ed25519-cert-v01@@openssh.com,rsa-sha2-256,rsa-sha2-512
++122@m@/etc/ssh/sshd_config@GSSAPIKexAlgorithms@ gss-group14-sha256-,gss-group16-sha512-,gss-curve25519-sha256-
++122@m@/etc/ssh/sshd_config@CASignatureAlgorithms@ ssh-ed25519,sk-ssh-ed25519@@openssh.com,rsa-sha2-512,rsa-sha2-256
++
+ 130@systemctl@sshd.service@restart
+ 
+ ########################################################################
+-- 
+1.8.3.1
+

security-tool.spec

@@ -1,7 +1,7 @@
 Summary: openEuler Security Tool
 Name   : security-tool
 Version: 2.0
-Release: 1.51
+Release: 1.52
 Source0: https://gitee.com/openeuler/security-tool/repository/archive/v2.0.tar.gz
 License: Mulan PSL v2
 URL: https://gitee.com/openeuler/security-tool
@@ -15,6 +15,7 @@ BuildRequires: xauth
 
 Patch0: Use-secure-MACs-and-KexAlgorithms.patch
 Patch1: do-not-create-allow-file-while-the-command-does-not-.patch
+Patch2: remove-sha1-in-sshd-config.patch
 
 %description
 openEuler Security Tool
@@ -119,6 +120,9 @@ fi
 %attr(0500,root,root) %{_sbindir}/security-tool.sh
 
 %changelog
+* Mon Feb 7 2022 renmingshuai <renmingshuai@huawei.com> - 2.0-1.52
+- remove sha1 in sshd_config
+
 * Thu Mar 18 2021 openEuler Buildteam <buildteam@openEuler.org> - 2.0-1.51
 - do not create allow file while the command does not exist