author | Mike Frysinger <vapier@gentoo.org> | 2015-08-12 22:53:56 -0400 |
---|---|---|
committer | Mike Frysinger <vapier@gentoo.org> | 2015-08-12 22:53:56 -0400 |
commit | 671b767a1b5a8119e43a63c167fadb27cfbb7929 (patch) | |
tree | 728612fea2cb1e70e4bfc08814c49e7e4a3a9991 /net-misc/openssh | |
parent | net-misc/libreswan: Remove old (diff) | |
net-misc/openssh: add warnings about key support in newer versions #557388
Diffstat (limited to 'net-misc/openssh')
-rw-r--r-- | net-misc/openssh/openssh-7.0_p1.ebuild | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/net-misc/openssh/openssh-7.0_p1.ebuild b/net-misc/openssh/openssh-7.0_p1.ebuild
index f3bfefd74d37..e7d3760dab02 100644
--- a/net-misc/openssh/openssh-7.0_p1.ebuild
+++ b/net-misc/openssh/openssh-7.0_p1.ebuild
@@ -309,4 +309,16 @@ pkg_postinst() {
 elog "Make sure to update any configs that you might have. Note that xinetd might"
 elog "be an alternative for you as it supports USE=tcpd."
 fi
+ if has_version "<${CATEGORY}/${PN}-7.1_p1" ; then #557388
+ elog "Starting with openssh-7.0, support for ssh-dss keys were disabled due to their"
+ elog "weak sizes. If you rely on these key types, you can re-enable the key types by"
+ elog "adding to your sshd_config:"
+ elog " PubkeyAcceptedKeyTypes=+ssh-dss"
+ elog "You should however generate new keys using rsa or ed25519."
+ fi
+ if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]" ; then
+ elog "Be aware that by disabling openssl support in openssh, the server and clients"
+ elog "no longer support dss/rsa/ecdsa keys. You will need to generate ed25519 keys"
+ elog "and update all clients/servers that utilize them."
+ fi
 } |
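Review bot: The second added check, `if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]"`, runs in pkg_postinst, where under Portage's usual phase order the replaced version has already been unmerged, so `has_version` most likely sees only the new build without ssl and the warning about losing dss/rsa/ecdsa keys would never be shown. That message is what keeps an admin from being locked out of a remote host after the rebuild, so it is worth recording the state earlier, e.g. in pkg_preinst `! use ssl && has_version "${CATEGORY}/${PN}[ssl]" && show_ssl_warning=1`, and testing `[[ -n ${show_ssl_warning} ]]` here. The first check, `has_version "<${CATEGORY}/${PN}-7.1_p1"`, probably has the opposite problem: in this 7.0_p1 ebuild it matches the package just installed, so the note prints on every merge rather than only on upgrades from a pre-7.0 version, which `REPLACING_VERSIONS` would express. A one-line comment above each block naming the upgrade path it targets would help, and the ssh-dss text could say that `PubkeyAcceptedKeyTypes=+ssh-dss` is a stopgap until the keys are rotated. pkg_postinst begins outside the hunk, so this is based only on the lines shown.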