use only rsa and ecdsa host keys by default

openssh-6.3p1-redhat.patch

@@ -58,6 +58,18 @@ diff -up openssh-6.3p1/sshd_config.redhat openssh-6.3p1/sshd_config
  #Port 22
  #AddressFamily any
  #ListenAddress 0.0.0.0
+@@ -21,9 +25,9 @@
+ # HostKey for protocol version 1
+ #HostKey /etc/ssh/ssh_host_key
+ # HostKeys for protocol version 2
+-#HostKey /etc/ssh/ssh_host_rsa_key
++HostKey /etc/ssh/ssh_host_rsa_key
+ #HostKey /etc/ssh/ssh_host_dsa_key
+-#HostKey /etc/ssh/ssh_host_ecdsa_key
++HostKey /etc/ssh/ssh_host_ecdsa_key
+ 
+ # Lifetime and size of ephemeral version 1 server key
+ #KeyRegenerationInterval 1h
 @@ -35,6 +39,7 @@
  # Logging
  # obsoletes QuietMode and FascistLogging

sshd-keygen

@@ -4,7 +4,7 @@
 #
 # The creation is controlled by the $AUTOCREATE_SERVER_KEYS environment
 # variable.
-AUTOCREATE_SERVER_KEYS=RSAONLY
+AUTOCREATE_SERVER_KEYS=NODSA
 
 # source function library
 . /etc/rc.d/init.d/functions
@@ -115,8 +115,9 @@ do_ecdsa_keygen() {
 if [ "x${AUTOCREATE_SERVER_KEYS}" != xNO ]; then
 	do_rsa_keygen
 	if [ "x${AUTOCREATE_SERVER_KEYS}" != xRSAONLY ]; then
-		do_rsa1_keygen
-		do_dsa_keygen
 		do_ecdsa_keygen
+		if [ "x${AUTOCREATE_SERVER_KEYS}" != xNODSA ]; then
+			do_dsa_keygen
+		fi
 	fi
 fi

sshd.sysconfig

@@ -1,9 +1,11 @@
 # Configuration file for the sshd service.
 
-# The server keys are automatically generated if they ommited
+# The server keys are automatically generated if they omitted
-# to change the automatic creation uncomment the approprite 
+# to change the automatic creation uncomment the appropriate
-# line. The default is RSAONLY
+# line. The default is NODSA which means rsa and ecdsa keys are
+# generated.
 
+# AUTOCREATE_SERVER_KEYS=NODSA
 # AUTOCREATE_SERVER_KEYS=RSAONLY
 # AUTOCREATE_SERVER_KEYS=NO
 # AUTOCREATE_SERVER_KEYS=YES