SSH – the current need for SSH DSA host keys

ssh

When I started dealing with *nix servers, OpenSSH servers came with DSA as well as RSA host keys, with OpenSSH clients preferring the RSA key. These days OpenSSH servers have DSA, RSA, and ECDSA host keys, with OpenSSH clients preferring the ECDSA host key.

To what extent do I still need/want to have OpenSSH configured to provide DSA host keys?

Mostly wondering with regard to non-OpenSSH client implementations.

Best Answer

I can't think of anything widely used that lacks support for at least RSA, and really, if you are using a terminal emulator on Windows (for example) that only supports DSA, you should stop using it and download PuTTY, or update it.

The option is there to provide compatibility. However, it also adds to your security surface; an attacker could weaken your cryptography by convincing a client to only declare support for DSA. This scenario is rather far-fetched. If it concerns you, then you should disable DSA.

The only scenario I can imagine that would likely result in a serious compromise is if one of your users used a DSA keypair on an untrusted or compromised computer which always negotiated DSA and generated duplicate ephemeral values for creating DSA signatures; the result would be that the user's key could be compromised, but it doesn't seem like this is the path of least resistance for an attacker. Unless your system is used by international spies, you probably don't need to worry about it. See this question on one of our sister sites: https://security.stackexchange.com/q/29262/12223.

There isn't really a direct way to disable DSA. Debian bug 528046 proposes it and provides a patch (for an option PubKeyTypes), and it met with support, but it has not been actioned since 2009, with no evidence of anything upstream.
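
To check whether a server still presents a DSA host key, the key type and parameter sizes can be read from public key lines such as `ssh-keyscan` output or the `*.pub` host key files, whose base64 blob follows the RFC 4253 wire format (`string "ssh-dss"`, then mpints p, q, g, y). The following is an added example, not part of the original answer; the function names are hypothetical and the sample lines are constructed, not real keys.

```python
import base64
import struct

def read_string(blob, off):
    """Read one RFC 4253 length-prefixed string; return (bytes, next offset)."""
    if off + 4 > len(blob):
        raise ValueError("truncated length")
    end = off + 4 + struct.unpack(">I", blob[off:off + 4])[0]
    if end > len(blob):
        raise ValueError("truncated field")
    return blob[off + 4:end], end

def inspect_key_line(line):
    """Accept 'host type base64' (ssh-keyscan) or 'type base64 comment' (*.pub)."""
    fields = line.split()
    for i in range(len(fields) - 1):
        try:
            blob = base64.b64decode(fields[i + 1], validate=True)
            inner, off = read_string(blob, 0)
            if inner != fields[i].encode():
                continue  # label and blob disagree: not the key columns
            info = {"type": fields[i], "dsa": inner == b"ssh-dss"}
            if info["dsa"]:  # blob continues with mpints p, q, g, y
                p, off = read_string(blob, off)
                q, off = read_string(blob, off)
                info["p_bits"] = int.from_bytes(p, "big").bit_length()
                info["q_bits"] = int.from_bytes(q, "big").bit_length()
            return info
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
    return None

def dsa_findings(lines):
    """Return the parsed entries that are DSA host keys."""
    parsed = (inspect_key_line(l) for l in lines)
    return [p for p in parsed if p and p["dsa"]]

# --- constructed sample input (not real keys, not valid DSA parameters) ---
def _s(b):
    return struct.pack(">I", len(b)) + b
def _mpint(n):
    return _s(n.to_bytes(n.bit_length() // 8 + 1, "big"))
_dss = (_s(b"ssh-dss") + _mpint((1 << 1023) | 1) + _mpint((1 << 159) | 1)
        + _mpint(2) + _mpint(3))
_ed = _s(b"ssh-ed25519") + _s(bytes(32))
SAMPLE = ["host.example ssh-dss " + base64.b64encode(_dss).decode(),
          "ssh-ed25519 " + base64.b64encode(_ed).decode() + " root@host.example"]

if __name__ == "__main__":
    print(dsa_findings(SAMPLE))
```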