From 481c36208a45d9309601b557561ed001dbe7eae6 Mon Sep 17 00:00:00 2001
From: zhengxiaoxiao <zhengxiaoxiao2@huawei.com>
Date: Mon, 15 Aug 2022 09:06:32 +0800
Subject: [PATCH] add secure hostKey algorithms

---
 security.conf | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/security.conf b/security.conf
index 42d972d..f52a19d 100644
--- a/security.conf
+++ b/security.conf
@@ -101,6 +101,11 @@
 122@m@/etc/ssh/sshd_config@GSSAPIKexAlgorithms@ gss-group14-sha256-,gss-group16-sha512-,gss-curve25519-sha256-
 122@m@/etc/ssh/sshd_config@CASignatureAlgorithms@ ssh-ed25519,sk-ssh-ed25519@@openssh.com,rsa-sha2-512,rsa-sha2-256
 
+# secure hostKey algorithms
+123@d@/etc/ssh/sshd_config@HostKey /etc/ssh/ssh_host_ecdsa_key
+123@m@/etc/ssh/sshd_config@HostKeyAlgorithms@ ssh-ed25519,ssh-ed25519-cert-v01@@openssh.com,rsa-sha2-256,rsa-sha2-512
+123@m@/etc/ssh/sshd_config@PubkeyAcceptedKeyTypes@ ssh-ed25519,ssh-ed25519-cert-v01@@openssh.com,rsa-sha2-256,rsa-sha2-512
+
 130@systemctl@sshd.service@restart
 
 ########################################################################
-- 
2.27.0