PSA: If you upgrade to openssh 7 client and realize that you were depending on dsa keys that you hadn’t yet updated to rsa keys in ~/.ssh/authorized_keys on remote hosts, and now you are getting a lot of “Permission denied (publickey,gssapi-keyex,gssapi-with-mic)” messages when trying to ssh to remote systems, it might help to copy your id_rsa to the other systems with a command like:

ssh-copy-id -i ~/.ssh/id_rsa -oHostKeyAlgorithms=+ssh-dss -oPubkeyAcceptedKeyTypes=+ssh-dss $HOST

(The openssh “legacy” page ignores the need for “-oPubkeyAcceptedKeyTypes=+ssh-dss”)

Michael K Johnson December 19, 2015 17:28

http://www.openssh.com/legacy.html is the page to which I was referring

Michael K Johnson July 20, 2016 21:19

+Noah Friedman​ here’s how to deal with that old dsa key you were just complaining about, FYI.

Yes, it was annoying…

Noah Friedman July 21, 2016 01:42

Thanks. Yeah, I did find that page eventually. I think I had to add KexAlgorithms=+diffie-hellman-group1-sha1 to it as well.

Imported from Google+ — content and formatting may not be reliable