
Edit: my bad, +ssh-rsa refers to a signature algorithm using SHA-1, which should not be used anymore. Target server host keys should be renewed, as riolu said; thanks to him for pointing it out.

On Debian-like systems, remove host keys and run dpkg-reconfigure openssh-server.

On Red Hat-like systems, remove host keys and restart sshd.

---------------------------------------------

Not vulnerable, not a bad practice. Newer algorithms are faster (in practice not perceptible, people usually don't need state-of-the-art performance for SSH connections), with smaller keys and probably better algorithms (not subject to side-channel attacks, which are still hard to abuse), but RSA is not broken. It may be in a few years with quantum computing, but it's still far from sure.

https://www.schneier.com/blog/archives/2021/03/no-rsa-is-not... updated last December.

No need to rekey all accounts or servers, just switch to ecdsa or ed25519 progressively.



That change isn't actually about RSA vs. ECC. It's about SHA-1 vs. SHA-2. The default configuration still supports using your existing RSA keys, but with a different hashing algorithm (with the options rsa-sha2-256 and rsa-sha2-512). That configuration change allows use of SHA-1 to continue.
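
The distinction drawn in the thread (same RSA key, different signature hash) can be checked in client or server configuration. The following is an added example, not code from any commenter or from OpenSSH: it scans ssh_config/sshd_config text for lines that re-enable the SHA-1 `ssh-rsa` signature algorithm. The function name, sample hosts and sample configuration are constructed for illustration; wildcard patterns in algorithm lists are not handled.

```python
import re

# Signature algorithm names that sign with SHA-1 (the RSA key itself is unchanged).
SHA1_SIG_ALGS = {"ssh-rsa", "ssh-rsa-cert-v01@openssh.com"}

# Keywords that take a signature-algorithm list (matched case-insensitively).
ALG_OPTIONS = {
    "hostkeyalgorithms", "pubkeyacceptedalgorithms",
    "pubkeyacceptedkeytypes",  # older name of PubkeyAcceptedAlgorithms
    "hostbasedacceptedalgorithms", "casignaturealgorithms",
}

def find_sha1_signature_settings(config_text):
    """Return (line_no, keyword, algs) for each line enabling SHA-1 RSA signatures."""
    findings = []
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()           # drop comments
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # "Key value" or "Key=value"
        if len(parts) != 2 or parts[0].lower() not in ALG_OPTIONS:
            continue
        keyword, value = parts[0], parts[1].strip().strip('"')
        if value.startswith("-"):
            continue  # "-list" removes algorithms from the defaults
        # "+list" appends, "^list" prepends, a bare list replaces the defaults.
        names = [n.strip() for n in value.lstrip("+^").split(",")]
        hits = [n for n in names if n in SHA1_SIG_ALGS]
        if hits:
            findings.append((line_no, keyword, hits))
    return findings

# Constructed sample configuration (hypothetical hosts).
SAMPLE = """\
# constructed sample ssh_config
Host legacy.example
    HostKeyAlgorithms +ssh-rsa
    PubkeyAcceptedAlgorithms=+ssh-rsa
Host modern.example
    HostKeyAlgorithms rsa-sha2-512,rsa-sha2-256,ssh-ed25519
    PubkeyAcceptedAlgorithms -ssh-rsa
"""

if __name__ == "__main__":
    for line_no, keyword, algs in find_sha1_signature_settings(SAMPLE):
        print(f"line {line_no}: {keyword} enables SHA-1 signatures: {', '.join(algs)}")
```

The `modern.example` block is not flagged because `rsa-sha2-256` and `rsa-sha2-512` use the same RSA keys with SHA-2.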



