openssh: Re-enable DSA client keys

This was broken by a8eb2a6a81524f3be0c8886f6d06090b50b0a513.

nixos/modules/programs/ssh.nix

@@ -103,20 +103,23 @@ in
         message = "cannot enable X11 forwarding without setting XAuth location";
       };
 
-    environment.etc =
+    # SSH configuration. Slight duplication of the sshd_config
-      [ { # SSH configuration.  Slight duplication of the sshd_config
     # generation in the sshd service.
-          source = pkgs.writeText "ssh_config" ''
+    environment.etc."ssh/ssh_config".text =
+      ''
         AddressFamily ${if config.networking.enableIPv6 then "any" else "inet"}
+
         ${optionalString cfg.setXAuthLocation ''
           XAuthLocation ${pkgs.xorg.xauth}/bin/xauth
         ''}
+
         ForwardX11 ${if cfg.forwardX11 then "yes" else "no"}
+
+        # Allow DSA keys for now. (These were deprecated in OpenSSH 7.0.)
+        PubkeyAcceptedKeyTypes +ssh-dss
+
         ${cfg.extraConfig}
       '';
-          target = "ssh/ssh_config";
-        }
-      ];
 
     # FIXME: this should really be socket-activated for über-awesomeness.
     systemd.user.services.ssh-agent =

nixos/modules/services/networking/ssh/sshd.nix

@@ -413,6 +413,9 @@ in
         ${flip concatMapStrings cfg.hostKeys (k: ''
           HostKey ${k.path}
         '')}
+
+        # Allow DSA keys for now. (These were deprecated in OpenSSH 7.0.)
+        PubkeyAcceptedKeyTypes +ssh-dss
       '';
 
     assertions = [{ assertion = if cfg.forwardX11 then cfgc.setXAuthLocation else true;