From 279734be11fcdc90d7857b744f3503964e167219 Mon Sep 17 00:00:00 2001
From: Colin Percival <cperciva@FreeBSD.org>
Date: Tue, 17 Sep 2024 23:51:53 -0700
Subject: [PATCH] RELNOTES: Document EC2 SSH RSA host key desupport.

Sponsored by:	Amazon
---
 RELNOTES | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/RELNOTES b/RELNOTES
index bf0fc174e212..0daff902d4fd 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -10,6 +10,11 @@ newline.  Entries should be separated by a newline.
 
 Changes to this file should not be MFCed.
 
+0aabcd75dbc2:
+	EC2 AMIs no longer generate RSA host keys by default for SSH.  RSA
+	host key generation can be re-enabled by setting sshd_rsa_enable="YES"
+	in /etc/rc.conf if it is necessary to support very old SSH clients.
+
 a1da7dc1cdad:
 	The SO_SPLICE socket option was added.  It allows TCP connections to
 	be spliced together, enabling proxy-like functionality without the