ssh::config::sshd: Disable ed25519 by default, for older OSes.

Newer OSes should enable this globally in Hiera.

README.ssh

@@ -41,6 +41,7 @@ made (customizeable parameters are called out):
 * Listen on all addresses ('listen_addresses', a comma-separated string).
 * Disable SSHv1.
 * Only use RSA host keys.
+* Ed25519 host keys are not used ('ed25519', a boolean).
 * Increase the login timeout to 5 minutes.
 * Limit authentication attempts to 5 ('max_tries', an integer).
 * On RHEL-type systems, expicitly enable privilege separation.
@@ -58,7 +59,7 @@ made (customizeable parameters are called out):
 
 For the default SSH client configuration, GSSAPI is enabled, and on RHEL 
 6+ GSSAPI key-exchange and GSSAPI DNS trust are enabled.  That's it.
-  
+
 base::ssh can also be configured to require Duo as a second authentication 
 factor.  To enable this, set the "pam_duo" parameter to true.  When you do 
 that, the following changes are made:

manifests/ssh/config/sshd.pp

@@ -30,7 +30,7 @@
 define base::ssh::config::sshd(
   $ensure            = 'present',
   $gitolite          = false,
-  $ed25519           = true,
+  $ed25519           = false,
   $hostbased         = false,
   $pubkey            = false,
   $password          = true,