From c5744ca6355bbbbedae4307efa0dc795b9e06a1a Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Fri, 14 Feb 2020 11:55:48 -0400 Subject: remove deprecated ssh key algos from my personal configs DSA is entirely deprecated, while RSA is just starting to be deprecated Generated and added new keys as necessary. Still a few stragglers on machines I can't currently access (sow and beaver). --- src/Propellor/Property/Obnam.hs | 2 +- src/Propellor/Property/SiteSpecific/Branchable.hs | 6 +++--- src/Propellor/Property/SiteSpecific/JoeySites.hs | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) (limited to 'src/Propellor') diff --git a/src/Propellor/Property/Obnam.hs b/src/Propellor/Property/Obnam.hs index 264d6748..3e5ea87e 100644 --- a/src/Propellor/Property/Obnam.hs +++ b/src/Propellor/Property/Obnam.hs @@ -35,7 +35,7 @@ data NumClients = OnlyClient | MultipleClients -- > & Obnam.backup "/srv/git" "33 3 * * *" -- > [ "--repository=sftp://2318@usw-s002.rsync.net/~/mygitrepos.obnam" -- > ] Obnam.OnlyClient --- > `requires` Ssh.keyImported SshRsa "root" (Context hostname) +-- > `requires` Ssh.keyImported SshEd25519 "root" (Context hostname) -- -- How awesome is that? -- diff --git a/src/Propellor/Property/SiteSpecific/Branchable.hs b/src/Propellor/Property/SiteSpecific/Branchable.hs index 79a5b45f..fdfb858e 100644 --- a/src/Propellor/Property/SiteSpecific/Branchable.hs +++ b/src/Propellor/Property/SiteSpecific/Branchable.hs @@ -28,8 +28,8 @@ server hosts = propertyList "branchable server" $ props & Apt.serviceInstalledRunning "openssh-server" & Ssh.passwordAuthentication False & Ssh.hostKeys (Context "branchable.com") - [ (SshDsa, "ssh-dss AAAAB3NzaC1kc3MAAACBAK9HnfpyIm8aEhKuF5oz6KyaLwFs2oWeToVkqVuykyy5Y8jWDZPtkpv+1TeOnjcOvJSZ1cCqB8iXlsP9Dr5z98w5MfzsRQM2wIw0n+wvmpPmUhjVdGh+wTpfP9bcyFHhj/f1Ymdq9hEWB26bnf4pbTbJW2ip8ULshMvn5CQ/ugV3AAAAFQCAjpRd1fquRiIuLJMwej0VcyoZKQAAAIBe91Grvz/icL3nlqXYrifXyr9dsw8bPN+BMu+hQtFsQXNJBylxwf8FtbRlmvZXmRjdVYqFVyxSsrL2pMsWlds51iXOr9pdsPG5a4OgJyRHsveBz3tz6HgYYPcr3Oxp7C6G6wrzwsaGK862SgRp/bbD226k9dODRBy3ogMhk/MvAgAAAIEApfknql3vZbDVa88ZnwbNKDOv8L1hb6blbKAMt2vJbqJMvu3EP9CsP9hGyEQh5YCAl2F9KEU3bJXN1BG76b7CiYtWK95lpL1XmCCWnJBCcdEhw998GfJS424frPw7qGmXLxJKYxEyioB90/IDp2dC+WaLcLOYHM9SroCQTIK5A1g= root@pell") - , (SshRsa, "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA1M0aNLgcgcgf0tkmt/8vCDZLok8Xixz7Nun9wB6NqVXxfzAR4te+zyO7FucVwyTY5QHmiwwpmyNfaC21AAILhXGm12SUKSAirF9BkQk7bhQuz4T/dPlEt3d3SxQ3OZlXtPp4LzXWOyS0OXSzIb+HeaDA+hFXlQnp/gE7RyAzR1+xhWPO7Mz1q5O/+4dXANnW32t6P7Puob6NsglVDpLrMRYjkO+0RgCVbYMzB5+UnkthkZsIINaYwsNhW2GKMKbRZeyp5en5t1NJprGXdw0BqdBqd/rcBpOxmhHE1U7rw+GS1uZwCFWWv0aZbaXEJ6wY7mETFkqs0QXi5jtoKn95Gw== root@pell") + [ (SshEcdsa, "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLRRZ3Ew6eq6d8+ID1CXwF0hLjObNM2XwCIOFI4Wml2iP5NIHwtUCg2hlVUal6v1bO+VPjvx3dkf5Y00GI2BVSY= root@pell") + , (SshEd25519, "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG5gaqToi0NtZH+vxXqW8E/reJW2tMHOEs2ycieMYkng root@pell") ] & Apt.installed ["procmail", "bsd-mailx"] @@ -60,7 +60,7 @@ server hosts = propertyList "branchable server" $ props , Borg.KeepYears 1 ] & Ssh.userKeys (User "root") (Context "branchable.com") - [ (SshRsa, "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2PqTSupwncqeffNwZQXacdEWp7L+TxllIxH7WjfRMb3U74mQxWI0lwqLVW6Fox430DvhSqF1y5rJBvTHh4i49Tc9lZ7mwAxA6jNOP6bmdfteaKKYmUw5qwtJW0vISBFu28qBO11Nq3uJ1D3Oj6N+b3mM/0D3Y3NoGgF8+2dLdi81u9+l6AQ5Jsnozi2Ni/Osx2oVGZa+IQDO6gX8VEP4OrcJFNJe8qdnvItcGwoivhjbIfzaqNNvswKgGzhYLOAS5KT8HsjvIpYHWkyQ5QUX7W/lqGSbjP+6B8C3tkvm8VLXbmaD+aSkyCaYbuoXC2BoJdS7Jh8phKMwPJmdYVepn") + [ (SshEd25519, "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC20PCLAgkD6tK0vYsl0Pdpho+y7fNay8Fo8SXWrZojs root@pell") ] & Ssh.knownHost hosts "usw-s002.rsync.net" (User "root") diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs index 83a7ac8d..623dc125 100644 --- a/src/Propellor/Property/SiteSpecific/JoeySites.hs +++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs @@ -150,7 +150,7 @@ oldUseNetServer hosts = propertyList "olduse.net server" $ props `requires` Ssh.userKeyAt (Just keyfile) (User "root") (Context "olduse.net") - (SshRsa, "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD0F6L76SChMCIGmeyGhlFMUTgZ3BoTbATiOSs0A7KXQoI1LTE5ZtDzzUkrQRJVpJ640pfMR7cQZyBm8tv+kYIPp0238GrX43c1vgm0L78agDnBU7r2iNMyWIwhssK8O3ZAhp8Q4KCz1r8hP2nIiD0y1D1VWW8h4KWOS7I1XCEAjOTvFvEjTh6a9MyHrcIkv7teUUzTBRjNrsyijCFRk1+pEET54RueoOmEjQcWd/sK1tYRiMZjegRLBOus2wUWsUOvznJ2iniLONUTGAWRnEV+O7hLN6CD44osJ+wkZk8bPAumTS0zcSLckX1jpdHJicmAyeniWSd4FCqm1YE6/xDD") + (SshEd25519, "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGtHhNuO/abNTrc5pyWkwXz/F8FAHw8VcET0Yh4mjgOk root@kite") `requires` Ssh.knownHost hosts "usw-s002.rsync.net" (User "root") borgrepo = rsyncNetBorgRepo "olduse.net.borg" [Borg.UseSshKey keyfile] keyfile = "/root/.ssh/olduse.net.key" @@ -198,7 +198,7 @@ gitServer hosts = propertyList "git.kitenet.net setup" $ props `requires` Ssh.userKeyAt (Just sshkey) (User "root") (Context "git.kitenet.net") - (SshRsa, "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDLwUUkpkI9c2Wcnv/E4v9bJ7WcpiNkToltXfzRDd1F31AYrucfSMgzu3rtDpEL+wSnQLua/taJkWUWT/pyXOAh+90K6O/YeBZmY5CK01rYDz3kSTAtwHkMqednsRjdQS6NNJsuWc1reO8a4pKtsToJ3G9VAKufCkt2b8Nhqz0yLvLYwwU/mdI8DmfX6IgXhdy9njVEG/jsQnLFXY6QEfwKbIPs9O6qo4iFJg3defXX+zVMLsh3NE1P2i2VxMjxJEQdPdy9Z1sVpkiQM+mgJuylQQ5flPK8sxhO9r4uoK/JROkjPJNYoJMlsN+QlK04ABb7JV2JwhAL/Y8ypjQ13JdT") + (SshEd25519, "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOvgBVYP6srImGbJ+kg1K68HeUQqxHEBQswMWSqu9WOu root@kite") `requires` Ssh.knownHost hosts "usw-s002.rsync.net" (User "root") & Ssh.authorizedKeys (User "family") (Context "git.kitenet.net") & User.accountFor (User "family") -- cgit v1.2.3