From d4f1643b804968c7320a4180c0324769e0a8d765 Mon Sep 17 00:00:00 2001
From: mickael e
Date: Tue, 15 Dec 2020 16:35:43 -0500
Subject: [PATCH] Use ditribution-default host key algorithms

ECDSA will be used by defaut for the client to authenticate the host. Tor Onion Services will also provide another layer of authentication, when using ssh over Tor.
---
 .../roles/restrict-direct-access/templates/sshd_config | 1 -
 1 file changed, 1 deletion(-)

diff --git a/install_files/ansible-base/roles/restrict-direct-access/templates/sshd_config b/install_files/ansible-base/roles/restrict-direct-access/templates/sshd_config
index c4904c27fdb..322a8b3c658 100644
--- a/install_files/ansible-base/roles/restrict-direct-access/templates/sshd_config
+++ b/install_files/ansible-base/roles/restrict-direct-access/templates/sshd_config
@@ -39,7 +39,6 @@ UseDNS no
 
 # Cipher selection
 Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr
-HostKeyAlgorithms ssh-ed25519,rsa-sha2-256,rsa-sha2-512
 # Don't use SHA1 for kex
 KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
 # Don't use SHA1 for hashing, don't use encrypt-and-MAC mode
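Review bot: With `HostKeyAlgorithms` removed, the block under `# Cipher selection` still pins `Ciphers` and `KexAlgorithms` and still carries the "Don't use SHA1" comments, but host key signature algorithms now follow whatever the installed OpenSSH defaults to, and nothing in the template records that this is deliberate. On OpenSSH releases before 8.8 the server's default list still includes `ssh-rsa` (RSA with SHA-1), so where an RSA host key is configured the no-SHA1 intent of the neighbouring lines may no longer hold for host authentication; whether that applies depends on the target distribution, which the hunk does not show. I would put a comment where the directive was, for example `# HostKeyAlgorithms intentionally left at the distribution default (see commit message)`, so a later hardening pass does not re-add or overlook it. It is also worth confirming the effective list on each supported release with `sshd -T | grep -i hostkeyalgorithms`.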