From f22861a780a34fe073cee0284c45d5275755daf4 Mon Sep 17 00:00:00 2001
From: "renmingshuai@huawei.com" <renmingshuai@huawei.com>
Date: Tue, 10 Jan 2023 11:15:43 +0800
Subject: [PATCH] delete deprecated option RSAAuthentication and
 RhostsRSAAuthentication

(cherry picked from commit fc248551edc364fa69598ab8cd3ff17a39d7b617)
---
 security-tool.spec                            |  6 +++-
 ...d-option-RSAAuthentication-and-Rhost.patch | 28 +++++++++++++++++++
 2 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 sshd-delete-deprecated-option-RSAAuthentication-and-Rhost.patch

diff --git a/security-tool.spec b/security-tool.spec
index 8818e9e..4894600 100644
--- a/security-tool.spec
+++ b/security-tool.spec
@@ -2,7 +2,7 @@
 Summary: openEuler Security Tool
 Name   : security-tool
 Version: 2.0
-Release: 1.86
+Release: 1.87
 Source0: https://gitee.com/openeuler/security-tool/repository/archive/v2.0.tar.gz
 License: MulanPSL-2.0
 URL: https://gitee.com/openeuler/security-tool
@@ -20,6 +20,7 @@ Patch2: remove-sha1-in-sshd-config.patch
 Patch3: fix-function-allow-rpm-q.patch
 Patch4: add-secure-hostKey-algorithms.patch
 Patch5: Do-not-hard-code-vendor-name-in-source-code.patch
+Patch6: sshd-delete-deprecated-option-RSAAuthentication-and-Rhost.patch
 
 %description
 %{vendor} Security Tool
@@ -125,6 +126,9 @@ fi
 %attr(0500,root,root) %{_sbindir}/security-tool.sh
 
 %changelog
+* Tue Jan 10 2023 renmingshuai <renmingshuai@huawei.com> - 2.0-1.87
+- delete deprecated option RSAAuthentication and RhostsRSAAuthentication
+
 * Fri Jan 6 2023 Chenxi Mao <chenxi.mao@suse.com> - 2.0-1.86
 - Do not hard code vendor name in source code
 
diff --git a/sshd-delete-deprecated-option-RSAAuthentication-and-Rhost.patch b/sshd-delete-deprecated-option-RSAAuthentication-and-Rhost.patch
new file mode 100644
index 0000000..35c10fd
--- /dev/null
+++ b/sshd-delete-deprecated-option-RSAAuthentication-and-Rhost.patch
@@ -0,0 +1,28 @@
+From b72601eb4904923100e3254f490def46633db322 Mon Sep 17 00:00:00 2001
+From: "renmingshuai@huawei.com" <renmingshuai@huawei.com>
+Date: Tue, 10 Jan 2023 11:10:33 +0800
+Subject: [PATCH] delete deprecated option RSAAuthentication and
+ RhostsRSAAuthentication
+
+---
+ security.conf | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/security.conf b/security.conf
+index f52a19d..70674b9 100644
+--- a/security.conf
++++ b/security.conf
+@@ -53,10 +53,8 @@
+ 103@m@/etc/ssh/sshd_config@X11Forwarding @no
+ 
+ 105@m@/etc/ssh/sshd_config@PubkeyAuthentication @yes
+-105@m@/etc/ssh/sshd_config@RSAAuthentication @yes
+ # Don't read the user's ~/.rhosts and ~/.shosts files
+ 105@m@/etc/ssh/sshd_config@IgnoreRhosts @yes
+-105@m@/etc/ssh/sshd_config@RhostsRSAAuthentication @no
+ 
+ # To disable host authentication
+ 106@m@/etc/ssh/sshd_config@HostbasedAuthentication @no
+-- 
+2.23.0
+
-- 
Gitee