--- Makefile	(revision 393654)
+++ Makefile	(working copy)
@@ -3,7 +3,7 @@ 
 
 PORTNAME=	openssh
 DISTVERSION=	20150727
-PORTREVISION=	0
+PORTREVISION=	1
 CATEGORIES=	security ipv6
 MASTER_SITES=	http://www.mindrot.org/openssh_snap/ \
 		OPENBSD/OpenSSH/portable
--- files/openssh.in	(revision 393654)
+++ files/openssh.in	(working copy)
@@ -24,6 +24,17 @@ 
 : ${openssh_enable:="NO"}
 : ${openssh_skipportscheck="NO"}
 
+: ${openssh_rsa1_keygen_enable="YES"}
+: ${openssh_rsa1_keygen_flags=""}
+: ${openssh_rsa_keygen_enable="YES"}
+: ${openssh_rsa_keygen_flags=""}
+: ${openssh_dsa_keygen_enable="YES"}
+: ${openssh_dsa_keygen_flags=""}
+: ${openssh_ecdsa_keygen_enable="YES"}
+: ${openssh_ecdsa_keygen_flags=""}
+: ${openssh_ed25519_keygen_enable="YES"}
+: ${openssh_ed25519_keygen_flags=""}
+
 command=%%PREFIX%%/sbin/sshd
 extra_commands="configtest reload keygen"
 start_precmd="${name}_checks"
@@ -35,11 +46,18 @@ 
 
 openssh_keygen()
 {
-	if [ -f %%ETCDIR%%/ssh_host_key -a \
-	    -f %%ETCDIR%%/ssh_host_dsa_key -a \
-	    -f %%ETCDIR%%/ssh_host_rsa_key -a \
-	    -f %%ETCDIR%%/ssh_host_ecdsa_key -a \
-	    -f %%ETCDIR%%/ssh_host_ed25519_key ]; then
+	local skip_rsa1= skip_dsa= skip_rsa= skip_ecdsa= skip_ecdsa=
+	checkyesno openssh_rsa1_keygen_enable || skip_rsa1=y
+	checkyesno openssh_dsa_keygen_enable || skip_dsa=y
+	checkyesno openssh_rsa_keygen_enable || skip_rsa=y
+	checkyesno openssh_ecdsa_keygen_enable || skip_ecdsa=y
+	checkyesno openssh_ed25519_keygen_enable || skip_ed25519=y
+
+	if [ \( -n "$skip_rsa1" -o -f %%ETCDIR%%/ssh_host_key \) -a \
+	    \( -n "$skip_dsa" -o -f %%ETCDIR%%/ssh_host_dsa_key \) -a \
+	    \( -n "$skip_rsa" -o -f %%ETCDIR%%/ssh_host_rsa_key \) -a \
+	    \( -n "$skip_ecdsa" -o -f %%ETCDIR%%/ssh_host_ecdsa_key \) -a \
+	    \( -n "$skip_ed25519" -o -f %%ETCDIR%%/ssh_host_ed25519_key \) ]; then
 		return 0
 	fi
 
@@ -53,8 +71,8 @@ 
 		echo "You already have an RSA host key" \
 			"in %%ETCDIR%%/ssh_host_key"
 		echo "Skipping protocol version 1 RSA Key Generation"
-	else
-		%%PREFIX%%/bin/ssh-keygen -t rsa1 -b 1024 \
+	elif checkyesno openssh_rsa1_keygen_enable; then
+		%%PREFIX%%/bin/ssh-keygen -t rsa1 $openssh_rsa1_keygen_flags \
 			-f %%ETCDIR%%/ssh_host_key -N ''
 	fi
 
@@ -62,8 +80,8 @@ 
 		echo "You already have a DSA host key" \
 			"in %%ETCDIR%%/ssh_host_dsa_key"
 		echo "Skipping protocol version 2 DSA Key Generation"
-	else
-		%%PREFIX%%/bin/ssh-keygen -t dsa \
+	elif checkyesno openssh_dsa_keygen_enable; then
+		%%PREFIX%%/bin/ssh-keygen -t dsa $openssh_dsa_keygen_flags \
 			-f %%ETCDIR%%/ssh_host_dsa_key -N ''
 	fi
 
@@ -71,8 +89,8 @@ 
 		echo "You already have a RSA host key" \
 			"in %%ETCDIR%%/ssh_host_rsa_key"
 		echo "Skipping protocol version 2 RSA Key Generation"
-	else
-		%%PREFIX%%/bin/ssh-keygen -t rsa \
+	elif checkyesno openssh_rsa_keygen_enable; then
+		%%PREFIX%%/bin/ssh-keygen -t rsa $openssh_rsa_keygen_flags \
 			-f %%ETCDIR%%/ssh_host_rsa_key -N ''
 	fi
 
@@ -80,8 +98,8 @@ 
 		echo "You already have a Elliptic Curve DSA host key" \
 			"in %%ETCDIR%%/ssh_host_ecdsa_key"
 		echo "Skipping protocol version 2 Elliptic Curve DSA Key Generation"
-	else
-		%%PREFIX%%/bin/ssh-keygen -t ecdsa \
+	elif checkyesno openssh_ecdsa_keygen_enable; then
+		%%PREFIX%%/bin/ssh-keygen -t ecdsa $openssh_ecdsa_keygen_flags \
 			-f %%ETCDIR%%/ssh_host_ecdsa_key -N ''
 	fi
 
@@ -89,8 +107,8 @@ 
 		echo "You already have a Elliptic Curve ED25519 host key" \
 			"in %%ETCDIR%%/ssh_host_ed25519_key"
 		echo "Skipping protocol version 2 Elliptic Curve ED25519 Key Generation"
-	else
-		%%PREFIX%%/bin/ssh-keygen -t ed25519 \
+	elif checkyesno openssh_ed25519_keygen_enable; then
+		%%PREFIX%%/bin/ssh-keygen -t ed25519 $openssh_ed22519_keygen_flags \
 			-f %%ETCDIR%%/ssh_host_ed25519_key -N ''
 	fi
 }