OpenSSH 7+
deprecates weak key exchange algorithm diffie-hellman-group1-sha1 and DSA public keys for both host and user keys which lead to the following error messages:
Unable to negotiate with 172.16.0.10 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
or a simple permission denied when using a user DSA public key or
Unable to negotiate with 127.0.0.1: no matching host key type found.
Their offer: ssh-dss
when connecting to a host with a DSA host key.
Workaround
Allow the different deprecated features in ~/.ssh/config
Host myserver
# To make pub ssh-dss keys work again
PubkeyAcceptedKeyTypes +ssh-dss
# To make host ssh-dss keys work again
HostkeyAlgorithms +ssh-dss
# To allow weak remote key exchange algorithm
KexAlgorithms +diffie-hellman-group1-sha1
Alternatively pass those three options using -o. For example allow the key exchange when running SSH
ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 <host>
Solution
Replace all your dss keys to avoid keys stopping to work. And upgrade all SSH version to avoid offering legacy key exchange algorithms.