add option to add DSA keys Change-Id: I200d67e5ca255addd65c9e1bd42ec3c7132d1df7

commit: 7f50705221c7fed939acfcda0f5b384d81563365 [log] [tgz]
author: Marek Celoud <mceloud@mirantis.com> Mon Nov 06 15:50:23 2017 +0100
committer: Marek Celoud <mceloud@mirantis.com> Mon Nov 06 15:50:23 2017 +0100
tree: 589efcffd5d822cc8ae18004ab985b4d05f81912
parent: e2f2f5f2ad2dd1a483eddd38c6c2d2955c886588 [diff]
diff --git a/README.rst b/README.rst
index 2cf834b..a3625c7 100644
--- a/README.rst
+++ b/README.rst

@@ -138,6 +138,14 @@
     #
     # will give you an timeout of 30 minutes (600 sec x 3)
 
+Enable DSA legacy keys:
+
+.. code-block:: yaml
+
+    openssh:
+      server:
+        dss_enabled: true
+
 Read more
 =========
 

diff --git a/openssh/files/sshd_config b/openssh/files/sshd_config
index 0b18df7..f1e5552 100755
--- a/openssh/files/sshd_config
+++ b/openssh/files/sshd_config

@@ -160,3 +160,6 @@
 # and ChallengeResponseAuthentication to 'no'.
 UsePAM yes
 
+{%- if server.get('dss_enabled', false) %}
+PubkeyAcceptedKeyTypes=+ssh-dss
+{%- endif %}
commit	7f50705221c7fed939acfcda0f5b384d81563365	[log] [tgz]
author	Marek Celoud <mceloud@mirantis.com>	Mon Nov 06 15:50:23 2017 +0100
committer	Marek Celoud <mceloud@mirantis.com>	Mon Nov 06 15:50:23 2017 +0100
tree	589efcffd5d822cc8ae18004ab985b4d05f81912
parent	e2f2f5f2ad2dd1a483eddd38c6c2d2955c886588 [diff]