From 1a979a16ac75fda780da5dfd3d31ab8a2b4acfec Mon Sep 17 00:00:00 2001 From: Mike Frysinger Date: Mon, 9 Nov 2015 23:50:26 -0500 Subject: net-misc/openssh: warn about change in default root config #555518#16 --- net-misc/openssh/openssh-7.1_p1-r2.ebuild | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'net-misc/openssh') diff --git a/net-misc/openssh/openssh-7.1_p1-r2.ebuild b/net-misc/openssh/openssh-7.1_p1-r2.ebuild index 24cdf966c596..42a6a3d1d538 100644 --- a/net-misc/openssh/openssh-7.1_p1-r2.ebuild +++ b/net-misc/openssh/openssh-7.1_p1-r2.ebuild @@ -308,12 +308,16 @@ pkg_postinst() { elog "Make sure to update any configs that you might have. Note that xinetd might" elog "be an alternative for you as it supports USE=tcpd." fi - if has_version "<${CATEGORY}/${PN}-7.1_p1" ; then #557388 + if has_version "<${CATEGORY}/${PN}-7.1_p1" ; then #557388 #555518 elog "Starting with openssh-7.0, support for ssh-dss keys were disabled due to their" elog "weak sizes. If you rely on these key types, you can re-enable the key types by" elog "adding to your sshd_config or ~/.ssh/config files:" elog " PubkeyAcceptedKeyTypes=+ssh-dss" elog "You should however generate new keys using rsa or ed25519." + + elog "Starting with openssh-7.0, the default for PermitRootLogin changed from 'yes'" + elog "to 'prohibit-password'. That means password auth for root users no longer works" + elog "out of the box. If you need this, please update your sshd_config explicitly." fi if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]" ; then elog "Be aware that by disabling openssl support in openssh, the server and clients" -- cgit v1.2.3-65-gdbad