From 18744d08526e7d5b62479375f798aeff4f977748 Mon Sep 17 00:00:00 2001
From: Robert Fisher <services@id264.net>
Date: Sun, 24 Nov 2024 12:16:52 +0000
Subject: [PATCH] use ECDSA instead of DSA

---
 src/brand/ipkg/system-unconfigure | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/brand/ipkg/system-unconfigure b/src/brand/ipkg/system-unconfigure
index 9a50f3a25..e008e4ebd 100755
--- a/src/brand/ipkg/system-unconfigure
+++ b/src/brand/ipkg/system-unconfigure
@@ -131,7 +131,7 @@ reset_ssh_config() {
             || bomb "Failed to update PermitRootLogin in $f"
     fi
     echo "------ Generating new ssh host keys"
-    for algo in rsa dsa; do
+    for algo in rsa ecdsa; do
         [ -f $ALTROOT/etc/ssh/ssh_host_${algo}_key ] \
             && mv $ALTROOT/etc/ssh/ssh_host_${algo}_key{,.old}
         [ -f $ALTROOT/etc/ssh/ssh_host_${algo}_key.pub ] \
@@ -140,8 +140,8 @@ reset_ssh_config() {
     /usr/bin/ssh-keygen -q -t rsa -b 2048 -N '' -C root@unknown \
         -f $ALTROOT/etc/ssh/ssh_host_rsa_key \
         || bomb "Failed to create new $ALTROOT/etc/ssh/ssh_host_rsa_key"
-    /usr/bin/ssh-keygen -q -t dsa -N '' -C root@unknown \
-        -f $ALTROOT/etc/ssh/ssh_host_dsa_key \
+    /usr/bin/ssh-keygen -q -t ecdsa -b 521 -N '' -C root@unknown \
+        -f $ALTROOT/etc/ssh/ssh_host_ecdsa_key \
         || bomb "Failed to create new $ALTROOT/etc/ssh/ssh_host_dsa_key"
     rm -f $ALTROOT/etc/ssh/ssh_host_*.old \
         || bomb "Failed to remove old key files"