net-misc/openssh: warn about change in default root config #555518#16

1 files changed, 5 insertions, 1 deletions

diff --git a/net-misc/openssh/openssh-7.1_p1-r2.ebuild b/net-misc/openssh/openssh-7.1_p1-r2.ebuild
index 24cdf966c596..42a6a3d1d538 100644
--- a/net-misc/openssh/openssh-7.1_p1-r2.ebuild
+++ b/net-misc/openssh/openssh-7.1_p1-r2.ebuild
@@ -308,12 +308,16 @@ pkg_postinst() {
 		elog "Make sure to update any configs that you might have.  Note that xinetd might"
 		elog "be an alternative for you as it supports USE=tcpd."
 	fi
-	if has_version "<${CATEGORY}/${PN}-7.1_p1" ; then #557388
+	if has_version "<${CATEGORY}/${PN}-7.1_p1" ; then #557388 #555518
 		elog "Starting with openssh-7.0, support for ssh-dss keys were disabled due to their"
 		elog "weak sizes.  If you rely on these key types, you can re-enable the key types by"
 		elog "adding to your sshd_config or ~/.ssh/config files:"
 		elog "	PubkeyAcceptedKeyTypes=+ssh-dss"
 		elog "You should however generate new keys using rsa or ed25519."
+
+		elog "Starting with openssh-7.0, the default for PermitRootLogin changed from 'yes'"
+		elog "to 'prohibit-password'.  That means password auth for root users no longer works"
+		elog "out of the box.  If you need this, please update your sshd_config explicitly."
 	fi
 	if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]" ; then
 		elog "Be aware that by disabling openssl support in openssh, the server and clients"