From 07bc859e9acec3cc6f7a8129e4b05a7584fef209 Mon Sep 17 00:00:00 2001
From: Peter Hoeg <peter@hoeg.com>
Date: Sat, 14 Oct 2017 14:42:34 +0800
Subject: [PATCH] Revert "ssh: deprecate use of old DSA keys"

This reverts commit 65b73d71cbe5df15ce62024123eedea284d825db.
---
 nixos/modules/services/networking/ssh/sshd.nix | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix
index 0834fc67284..8828429a817 100644
--- a/nixos/modules/services/networking/ssh/sshd.nix
+++ b/nixos/modules/services/networking/ssh/sshd.nix
@@ -363,9 +363,12 @@ in
           HostKey ${k.path}
         '')}
 
+        # Allow DSA client keys for now. (These were deprecated
+        # in OpenSSH 7.0.)
+        PubkeyAcceptedKeyTypes +ssh-dss
+
+        # Re-enable DSA host keys for now.
         ${optionalString supportOldHostKeys ''
-          # Allow DSA keys for now. (deprecated in OpenSSH 7.0)
-          PubkeyAcceptedKeyTypes +ssh-dss
           HostKeyAlgorithms +ssh-dss
         ''}
       '';