In light of recently discovered vulnerabilities, the new openssh-7.0p1
release deprecates keys of ssh-dss type, also known as DSA keys. See
the
upstream announcement
for details.
Before updating and restarting sshd on a remote host, make sure you do
not rely on such keys for connecting to it. To enumerate DSA keys
granting access to a given account, use:
grep ssh-dss ~/.ssh/authorized_keys
If you have any, ensure you have alternative means of logging in, such as key pairs of a different type, or password authentication.
Finally, host keys of ssh-dss type being deprecated too, you might
have to confirm a new fingerprint (for a host key of a different type)
when connecting to a freshly updated server.