Disable DSA ssh keys by default (#13056)

* Disable DSA ssh keys by default

OpenSSH has disabled DSA keys since version 7.0

As the docker runs openssh > v7.0 we should just disable
DSA keys by default.

Refers to #11417

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Just disable DSA keys by default

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Appears we need to set the minimum key sizes too

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Appears we need to set the minimum key sizes too

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Remove DSA type

* Fix Tests

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lauris BH <lauris@nix.lv>

docs/content/doc/advanced/config-cheat-sheet.en-us.md

@@ -258,7 +258,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 - `SSH_KEYGEN_PATH`: **ssh-keygen**: Path to ssh-keygen, default is 'ssh-keygen' which means the shell is responsible for finding out which one to call.
 - `SSH_BACKUP_AUTHORIZED_KEYS`: **true**: Enable SSH Authorized Key Backup when rewriting all keys, default is true.
 - `SSH_EXPOSE_ANONYMOUS`: **false**: Enable exposure of SSH clone URL to anonymous visitors, default is false.
-- `MINIMUM_KEY_SIZE_CHECK`: **false**: Indicate whether to check minimum key size with corresponding type.
+- `MINIMUM_KEY_SIZE_CHECK`: **true**: Indicate whether to check minimum key size with corresponding type.
 
 - `OFFLINE_MODE`: **false**: Disables use of CDN for static files and Gravatar for profile pictures.
 - `DISABLE_ROUTER_LOG`: **false**: Mute printing of the router log.
@@ -479,7 +479,7 @@ Define allowed algorithms and their minimum key length (use -1 to disable a type
 - `ED25519`: **256**
 - `ECDSA`: **256**
 - `RSA`: **2048**
-- `DSA`: **1024**
+- `DSA`: **-1**: DSA is now disabled by default. Set to **1024** to re-enable but ensure you may need to reconfigure your SSHD provider
 
 ## Webhook (`webhook`)