Hello, I've done some digging on that issue. Hope it'll help.
It looks like the clients still support the DSA keys. This is on a Void linux desktop: [vince@destop ~]$ ssh -Q PubkeyAcceptedAlgorithms | grep -i dss ssh-dss ssh-dss-cert-...@openssh.com The following Guix VM has been created 2 days ago, with a very light config vince@guix ~$ ssh -Q PubkeyAcceptedAlgorithms | grep -i ssh-dss ssh-dss ssh-dss-cert-...@openssh.com So, I created a DSA PKI key pair, like so: ssh-keygen -N '' -t dsa -f ssh-key-dsa Uploaded the public key to the guix VM, as ~vince/.ssh/authorized_keys then tried to connect to the OpenSSH server on that VM [vince@desktop ~]$ ssh -vi ssh-key-dsa vince@10.0.0.101 OpenSSH_9.7p1, OpenSSL 3.3.0 9 Apr 2024 debug1: Reading configuration data /home/vince/.ssh/config debug1: /home/vince/.ssh/config line 1: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug1: Connecting to 10.0.0.101 [10.0.0.101] port 22. debug1: Connection established. debug1: identity file ssh-key-dsa type 1 [...] debug1: Skipping ssh-dss key ssh-key-dsa - corresponding algorithm not in PubkeyAcceptedAlgorithms debug1: No more authentication methods to try. vince@10.0.0.101: Permission denied (publickey). So it looks like DSA client keys are not accepted any more by default. Is there a problem for the server host key ? vince@guix ~$ ls /etc/ssh/ authorized_keys.d/ ssh_host_ed25519_key ssh_host_rsa_key.pub ssh_host_ecdsa_key ssh_host_ed25519_key.pub ssh_host_ecdsa_key.pub ssh_host_rsa_key No DSA keys here. Maybe something has been changed and they are not created any more. So I'm not sure there is a problem, or am I mistaken ? Didn't I look hard enough ? WDYT ? Announce of DSA support removal from OpenSSH: https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-January/041132.html Some context about DSA keys: https://security.stackexchange.com/questions/112802/why-openssh-deprecated-dsa-keys -- Vincent Legoll
