OpenSSH 7.0 & greater disable ssh-dss by default.
cggibbo 270000TMUJ Comments (4) Visits (31188)
OpenSSH 7.0 & greater disable ssh-dss by default. http
If you upgrade OpenSSH, to 188.8.131.520 on AIX for example, you may notice that you're unable to login afterwards, with ssh-dss keys. In syslog you'll see messages similar to this:
Syslog: Sep 11 15:40:34 cgaix auth|security:info sshd: userauth_pubkey: key type ssh-dss not in Pubk
# lslpp -l openssh\*
From the OpenSSH webs
"OpenSSH 7.0 and greater similarly disable the ssh-dss (DSA) public key algorithm. It too is weak and we recommend against its use. It can be re-enabled using the HostKeyAlgorithms configuration option:
or in the ~/.ssh/config file:
The recommendation is to stop using DSA and move to something stronger, like RSA or ECDSA.
If you're stuck and you have a lot of users with ssh-dss keys, you could enable it (temporarily) by adding the following line to your /etc
# grep Acc /etc
# stopsrc -s sshd ; sleep 5 ; startsrc -s sshd