2015-08-14 - Gaetan Bisson

In light of recently discovered vulnerabilities, the new openssh-7.0p1 release deprecates keys of ssh-dss type, also known as DSA keys. See the upstream announcement for details.

Before updating and restarting sshd on a remote host, make sure you do not rely on such keys for connecting to it. To enumerate DSA keys granting access to a given account, use:

grep ssh-dss ~/.ssh/authorized_keys

If you have any, ensure you have alternative means of logging in, such as key pairs of a different type, or password authentication.