add option to add DSA keys

Change-Id: I200d67e5ca255addd65c9e1bd42ec3c7132d1df7
diff --git a/README.rst b/README.rst
index 2cf834b..a3625c7 100644
--- a/README.rst
+++ b/README.rst
@@ -138,6 +138,14 @@
     #
     # will give you an timeout of 30 minutes (600 sec x 3)
 
+Enable DSA legacy keys:
+
+.. code-block:: yaml
+
+    openssh:
+      server:
+        dss_enabled: true
+
 Read more
 =========
 
diff --git a/openssh/files/sshd_config b/openssh/files/sshd_config
index 0b18df7..f1e5552 100755
--- a/openssh/files/sshd_config
+++ b/openssh/files/sshd_config
@@ -160,3 +160,6 @@
 # and ChallengeResponseAuthentication to 'no'.
 UsePAM yes
 
+{%- if server.get('dss_enabled', false) %}
+PubkeyAcceptedKeyTypes=+ssh-dss
+{%- endif %}