Removing small diffie-hellman moduli.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-28 05:19:43 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-28 05:19:43 +0000
commit: 5517e28cf5aa3a8b2e5c202e8ed464cc752ff178 (patch)
tree: 07f5b4b2b08057d69c0de0e0ba4b4f4578365770
parent: Setting default ECDSA size in ssh-keygen to 521. (diff)
download: openssh-5517e28cf5aa3a8b2e5c202e8ed464cc752ff178.tar.xz
openssh-5517e28cf5aa3a8b2e5c202e8ed464cc752ff178.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/debian/rules b/debian/rules
index 44bac00..56490b2 100755
--- a/debian/rules
+++ b/debian/rules
@@ -181,6 +181,10 @@ endif
 		debian/openssh-server/etc/ssh/moduli \
 		debian/openssh-client/etc/ssh/ssh_config
 
+	# Remove small Diffie-Hellman moduli
+	awk '$$5 >= 4095' debian/openssh-server/etc/ssh/moduli > debian/openssh-server/etc/ssh/moduli.tmp
+	mv -f debian/openssh-server/etc/ssh/moduli.tmp debian/openssh-server/etc/ssh/moduli
+
 # We'd like to use dh_install --fail-missing here, but that doesn't work
 # well in combination with dh-exec: it complains that files generated by
 # dh-exec for architecture-dependent packages aren't installed.
author	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-28 05:19:43 +0000
committer	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-28 05:19:43 +0000
commit	5517e28cf5aa3a8b2e5c202e8ed464cc752ff178 (patch)
tree	07f5b4b2b08057d69c0de0e0ba4b4f4578365770
parent	Setting default ECDSA size in ssh-keygen to 521. (diff)
download	openssh-5517e28cf5aa3a8b2e5c202e8ed464cc752ff178.tar.xz openssh-5517e28cf5aa3a8b2e5c202e8ed464cc752ff178.zip