On Thu, Mar 12, 2015 at 04:20:47PM +0000, Christian Weisgerber wrote: > On 2015-03-12, John Long <codeb...@inbox.lv> wrote: > > >> You can simply configure HostKey in /etc/ssh/sshd_config. > > > > With that done a client can still do pubkey auth with a DSA key. (How) can I > > stop sshd from accepting client keys a user might include in > > ~/.ssh/authorized_keys other than RSA keys? > > By setting PubkeyAcceptedKeyTypes accordingly in sshd_config.
Thanks, I looked and looked and could not find it in the man page. It appears to be only in -current? Is this possible in prior versions (i.e. undocumented but works) or is it totally new? > This has _nothing_ to do with the server keys. Understood. I want to do an RSA-only setup. After the server key issue was resolved I looked at what the clients can do. > /etc/rc isn't a configuration file. When you upgrade OpenBSD, > /etc/rc will be overwritten and your changes will be lost. I realize that. I keep track of local customizations in a notebook. Thanks, /jl -- ASCII ribbon campaign ( ) Powered by Lemote Fuloong against HTML e-mail X Loongson MIPS and OpenBSD and proprietary / \ http://www.mutt.org attachments / \ Code Blue or Go Home! Encrypted email preferred PGP Key 2048R/DA65BC04
