From 6cb19c83e62148378afb45b6a65d86a18422c31f Mon Sep 17 00:00:00 2001
From: Fabian Keil <fk@fabiankeil.de>
Date: Thu, 21 Jan 2016 12:49:29 +0100
Subject: [PATCH 171/257] OpenSSH: Disable DSA keys by default

... as it's done by vanilla OpenSSH since 6.9p1.

This reverts FreeBSD r294495 which enabled them again
due to POLA concerns that aren't relevant for ElectroBSD.

Obtained from: ElectroBSD
---
 UPDATING | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/UPDATING b/UPDATING
index b9e1e1770a1c..09ea202f7463 100644
--- a/UPDATING
+++ b/UPDATING
@@ -182,6 +182,10 @@ from older version of current across the gcc/clang cutover is a bit fragile.
 	restored by setting vfs.zfs.vol.recursive=1.
 
 20160119:
+	The default configuration of ssh(1) no longer allows to use ssh-dss
+	keys.  To enable using them, add 'ssh-dss' to PubkeyAcceptedKeyTypes
+	option in the /etc/ssh/ssh_config.  Refer to ssh_config(5) for more
+	information.
 	The NONE and HPN patches has been removed from OpenSSH.  They are
 	still available in the security/openssh-portable port.
 
-- 
2.11.0