add option to add DSA keys
Change-Id: I200d67e5ca255addd65c9e1bd42ec3c7132d1df7
diff --git a/README.rst b/README.rst
index 2cf834b..a3625c7 100644
--- a/README.rst
+++ b/README.rst
@@ -138,6 +138,14 @@
#
# will give you an timeout of 30 minutes (600 sec x 3)
+Enable DSA legacy keys:
+
+.. code-block:: yaml
+
+ openssh:
+ server:
+ dss_enabled: true
+
Read more
=========
diff --git a/openssh/files/sshd_config b/openssh/files/sshd_config
index 0b18df7..f1e5552 100755
--- a/openssh/files/sshd_config
+++ b/openssh/files/sshd_config
@@ -160,3 +160,6 @@
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
+{%- if server.get('dss_enabled', false) %}
+PubkeyAcceptedKeyTypes=+ssh-dss
+{%- endif %}