Revision as of 19:44, October 7, 2015

OpenSSH 7 Disables DSA Keys By Default

Please be aware of this important change to avoid getting locked out of your Funtoo server.

By Drobbins / October 7, 2015

Please be aware that OpenSSH 7 (now unmasked in funtoo-current) has disabled support for DSA keys by default. An OpenSSH 7 client cannot use a DSA key to log into a server, and an OpenSSH 7 server will not accept a DSA key to allow a login from a client. The OpenSSH developers made this change because DSA keys are relatively weak compared to other options currently available.

Please see the following Gentoo news announcement for more detail, including instructions on how to re-enable DSA key support on both client and server via configuration file changes: https://www.gentoo.org/support/news-items/2015-08-13-openssh-weak-keys.html

While it is not recommended to continue to use DSA keys, there are still some environments that will require DSA support to be re-enabled to ensure that users can connect via ssh after upgrading to OpenSSH 7. For these environments, it is recommended that you begin the process of migrating away from DSA keys for authentication.
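One way to find the logins that still depend on DSA keys before upgrading, as an added example that is not part of the Funtoo or Gentoo announcement. The function names are hypothetical and the sample entries are constructed, with truncated placeholder blobs rather than real keys:

```shell
#!/bin/sh
# Added example: report DSA (ssh-dss) public keys in authorized_keys-style files.
# An entry is treated as DSA when the token "ssh-dss" is followed by a base64
# blob starting with AAAAB3NzaC1kc3M (the encoded key-type string "ssh-dss").
# Matching the pair finds the key even when the line begins with options.

list_dsa_keys() {
    # Prints "file:line: comment" for every active DSA entry in file $1.
    awk -v f="$1" '
        /^[ \t]*(#|$)/ { next }    # skip comment lines and blank lines
        {
            for (i = 1; i < NF; i++)
                if ($i == "ssh-dss" && $(i + 1) ~ /^AAAAB3NzaC1kc3M/) {
                    c = ""
                    for (j = i + 2; j <= NF; j++) c = c (c == "" ? "" : " ") $j
                    printf "%s:%d: %s\n", f, NR, (c == "" ? "(no comment)" : c)
                    next
                }
        }' "$1"
}

count_dsa_keys() {
    # Number of active DSA entries in file $1.
    list_dsa_keys "$1" | wc -l | tr -d ' '
}

write_sample() {
    # Constructed sample: one disabled DSA key, two active DSA keys, two others.
    cat > "$1" <<'EOF'
# ssh-dss AAAAB3NzaC1kc3MAAACBAPLACEHOLDER old@retired
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABPLACEHOLDER alice@laptop
ssh-dss AAAAB3NzaC1kc3MAAACBAPLACEHOLDER bob@workstation
command="/usr/bin/backup run",no-pty ssh-dss AAAAB3NzaC1kc3MAAACBAPLACEHOLDER backup job
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER carol@desk
EOF
}

# Demo on the constructed sample: reports lines 3 and 4.
sample=$(mktemp)
write_sample "$sample"
list_dsa_keys "$sample"
echo "DSA entries: $(count_dsa_keys "$sample")"
rm -f "$sample"
```

On a server, point `list_dsa_keys` at each account's `~/.ssh/authorized_keys`; every entry it reports belongs to a user who needs a replacement key installed before the DSA one stops working.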