The developers of the OpenSSH project have presented a plan to end support for keys based on the DSA algorithm. By modern standards, DSA keys do not provide the proper level of security, since they use a private key size of only 160 bits and a SHA1 hash, which in terms of security level corresponds to approximately an 80-bit symmetric key.
By default, the use of DSA keys was discontinued in 2015, but DSA support is left as an option, since this algorithm is the only one required for implementation in the SSHv2 protocol. This requirement was added because at the time of the creation and approval of the SSHv2 protocol, all alternative algorithms were subject to patents. Since then, the situation has changed, the patents associated with RSA have expired, the ECDSA algorithm has been added, which is significantly superior to DSA in performance and security, as well as EdDSA, which is safer and faster than ECDSA. The only factor in continuing DSA support was maintaining compatibility with legacy devices.
Having assessed the situation in the current realities, the OpenSSH developers came to the conclusion that the costs of continuing to maintain the insecure DSA algorithm are not justified and its removal will encourage the cessation of DSA support in other SSH implementations and cryptographic libraries. The April release of OpenSSH plans to retain the DSA build, but provide the ability to disable DSA at compile time. In the June release of OpenSSH, DSA will be disabled by default when building, and the DSA implementation will be removed from the codebase in early 2025.
Users who require client-side DSA support will be able to use alternative builds of older versions of OpenSSH, such as the Debian-supplied package "openssh-client-ssh1", built on top of OpenSSH 7.5 and designed to connect to SSH servers using the SSHv1 protocol, which was discontinued in OpenSSH 7.6 six years ago.
Source: opennet.ru