commit: 1a979a16ac75fda780da5dfd3d31ab8a2b4acfec
Author: Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Tue Nov 10 04:50:26 2015 +0000
Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Tue Nov 10 04:50:26 2015 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1a979a16
net-misc/openssh: warn about change in default root config #555518#16
net-misc/openssh/openssh-7.1_p1-r2.ebuild | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/net-misc/openssh/openssh-7.1_p1-r2.ebuild
b/net-misc/openssh/openssh-7.1_p1-r2.ebuild
index 24cdf96..42a6a3d 100644
--- a/net-misc/openssh/openssh-7.1_p1-r2.ebuild
+++ b/net-misc/openssh/openssh-7.1_p1-r2.ebuild
@@ -308,12 +308,16 @@ pkg_postinst() {
elog "Make sure to update any configs that you might have.
Note that xinetd might"
elog "be an alternative for you as it supports USE=tcpd."
fi
- if has_version "<${CATEGORY}/${PN}-7.1_p1" ; then #557388
+ if has_version "<${CATEGORY}/${PN}-7.1_p1" ; then #557388 #555518
elog "Starting with openssh-7.0, support for ssh-dss keys were
disabled due to their"
elog "weak sizes. If you rely on these key types, you can
re-enable the key types by"
elog "adding to your sshd_config or ~/.ssh/config files:"
elog " PubkeyAcceptedKeyTypes=+ssh-dss"
elog "You should however generate new keys using rsa or
ed25519."
+
+ elog "Starting with openssh-7.0, the default for
PermitRootLogin changed from 'yes'"
+ elog "to 'prohibit-password'. That means password auth for
root users no longer works"
+ elog "out of the box. If you need this, please update your
sshd_config explicitly."
fi
if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]" ; then
elog "Be aware that by disabling openssl support in openssh,
the server and clients"
