From 82ddb792f67856054e4b857cde1d803c59f3f7e6 Mon Sep 17 00:00:00 2001
From: Fabian Keil <fk@fabiankeil.de>
Date: Thu, 21 Jan 2016 12:49:29 +0100
Subject: [PATCH 120/325] OpenSSH: Disable DSA keys by default

... as it's done by vanilla OpenSSH since 6.9p1.

This reverts FreeBSD r294495 which enabled them again
due to POLA concerns that aren't relevant for ElectroBSD.

Obtained from: ElectroBSD
---
 UPDATING | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/UPDATING b/UPDATING
index 88a610e4705c..01dd8fc37776 100644
--- a/UPDATING
+++ b/UPDATING
@@ -1158,6 +1158,10 @@ from older version of current across the gcc/clang cutover is a bit fragile.
 	restored by setting vfs.zfs.vol.recursive=1.
 
 20160119:
+	The default configuration of ssh(1) no longer allows to use ssh-dss
+	keys.  To enable using them, add 'ssh-dss' to PubkeyAcceptedKeyTypes
+	option in the /etc/ssh/ssh_config.  Refer to ssh_config(5) for more
+	information.
 	The NONE and HPN patches has been removed from OpenSSH.  They are
 	still available in the security/openssh-portable port.
 
-- 
2.32.0