From 9c24ddb052cb7a01c82658e34714348e6e94e06a Mon Sep 17 00:00:00 2001
From: Adam Henry Lewenberg <adamhl@stanford.edu>
Date: Fri, 20 Apr 2018 07:32:35 -0700
Subject: [PATCH] remove some deprecated ssh options

---
 NEWS                          | 6 ++++++
 templates/ssh/sshd_config.erb | 2 --
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/NEWS b/NEWS
index 79d0631..aaae6f5 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,11 @@
 unreleased (207x-xx-xx)
 
+    [ssh] Remove the two options "RSAAuthentication" and
+    "RhostsRSAAuthentication" that have been deprecated and are only used
+    with SSH's protocol 1 (which we don't use anyway). See
+    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851573 and
+    https://anonscm.debian.org/cgit/pkg-ssh/openssh.git/commit/?id=fb87db8aa47d3508be8e5bb1d21897fa1f2eca90
+
     [os] motd.erb needs to handle case when there is no swap.
 
     [several] change 'crit "stuff"' to 'crit("stuff")' to make Puppet 5
diff --git a/templates/ssh/sshd_config.erb b/templates/ssh/sshd_config.erb
index 31713ce..f4435e6 100644
--- a/templates/ssh/sshd_config.erb
+++ b/templates/ssh/sshd_config.erb
@@ -53,9 +53,7 @@ UsePrivilegeSeparation yes
 # Disable all forms of host-based and public key authentication by default,
 # since we use GSS-API (or passwords).
 IgnoreRhosts yes
-RSAAuthentication no
 PubkeyAuthentication <%= @pubkey ? 'yes' : 'no' %>
-RhostsRSAAuthentication no
 HostbasedAuthentication <%= @hostbased ? 'yes' : 'no' %>
 
 # Allow password authentication via PAM, but not empty passwords.
-- 
GitLab