From 671b767a1b5a8119e43a63c167fadb27cfbb7929 Mon Sep 17 00:00:00 2001
From: Mike Frysinger
Date: Wed, 12 Aug 2015 22:53:56 -0400
Subject: [PATCH] net-misc/openssh: add warnings about key support in newer versions #557388
---
 net-misc/openssh/openssh-7.0_p1.ebuild | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/net-misc/openssh/openssh-7.0_p1.ebuild b/net-misc/openssh/openssh-7.0_p1.ebuild
index f3bfefd74d37..e7d3760dab02 100644
--- a/net-misc/openssh/openssh-7.0_p1.ebuild
+++ b/net-misc/openssh/openssh-7.0_p1.ebuild
@@ -309,4 +309,16 @@ pkg_postinst() {
 elog "Make sure to update any configs that you might have. Note that xinetd might"
 elog "be an alternative for you as it supports USE=tcpd."
 fi
+ if has_version "<${CATEGORY}/${PN}-7.1_p1" ; then #557388
+ elog "Starting with openssh-7.0, support for ssh-dss keys were disabled due to their"
+ elog "weak sizes. If you rely on these key types, you can re-enable the key types by"
+ elog "adding to your sshd_config:"
+ elog " PubkeyAcceptedKeyTypes=+ssh-dss"
+ elog "You should however generate new keys using rsa or ed25519."
+ fi
+ if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]" ; then
+ elog "Be aware that by disabling openssl support in openssh, the server and clients"
+ elog "no longer support dss/rsa/ecdsa keys. You will need to generate ed25519 keys"
+ elog "and update all clients/servers that utilize them."
+ fi
 }
-- 
2.26.2
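Review bot: The guard `if has_version "<${CATEGORY}/${PN}-7.1_p1"` runs in pkg_postinst, where the 7.0_p1 package being merged is presumably already visible to has_version and itself satisfies `<7.1_p1`, so the ssh-dss notice would fire on every install of this ebuild rather than only when upgrading from a pre-7.0 version; if the latter is the intent, iterate `${REPLACING_VERSIONS}` and compare each entry against 7.0 instead, and note that `has_version "${CATEGORY}/${PN}[ssl]"` in the second block has the mirror-image problem (it may see the newly merged [-ssl] package rather than the one being replaced, so that message may never fire). Separately, the first notice only mentions sshd_config, but the 7.0 change also affects the ssh client side, so users connecting to hosts that still present DSA host keys need a client-side (ssh_config) override too; the elog should say so, and it would read better leading with the advice to generate new rsa/ed25519 keys and presenting `PubkeyAcceptedKeyTypes=+ssh-dss` as a temporary stopgap rather than the first option. Minor grammar in the first elog line: `support for ssh-dss keys was disabled`. pkg_postinst begins before this hunk.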