A number of articles suggest removing insecure (broken) SSH key types in order to have a more secure server. In practice, if I only connect to the server with secure key types, why should I bother deleting insecure key types? What is a practical attack that can be performed if I do not remove these key types?

From SSH audit:

Disable the DSA and ECDSA host keys

From Secure Secure Shell:

DSA keys must be exactly 1024 bits so let’s disable that. Number 2 here involves NIST suckage and should be disabled as well.

0 Answers