Date: Wed, 18 Sep 2024 06:48:20 GMT
Message-Id: <202409180648.48I6mKNj004233@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Colin Percival Subject: git: 0aabcd75dbc2 - main - EC2: Disable RSA host key generation for sshd List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: cperciva X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 0aabcd75dbc2457be65e3c3c46948761ac5e50ed Auto-Submitted: auto-generated The branch main has been updated by cperciva: URL: https://cgit.FreeBSD.org/src/commit/?id=0aabcd75dbc2457be65e3c3c46948761ac5e50ed commit 0aabcd75dbc2457be65e3c3c46948761ac5e50ed Author: Colin Percival AuthorDate: 2024-09-11 05:00:07 +0000 Commit: Colin Percival CommitDate: 2024-09-18 06:47:58 +0000 EC2: Disable RSA host key generation for sshd These are largely obsolete, and generating them is responsible for over 10% of the total boot time of EC2 instances. Sponsored by: Amazon Differential Revision: https://reviews.freebsd.org/D46638 --- release/tools/ec2.conf | 3 +++ 1 file changed, 3 insertions(+) diff --git a/release/tools/ec2.conf b/release/tools/ec2.conf index 2cca5fa713af..34434f86a0b1 100644 --- a/release/tools/ec2.conf +++ b/release/tools/ec2.conf @@ -71,6 +71,9 @@ ec2_common() { 's/^#KbdInteractiveAuthentication yes/KbdInteractiveAuthentication no/' \ ${DESTDIR}/etc/ssh/sshd_config + # RSA host keys are obsolete and also very slow to generate + echo 'sshd_rsa_enable="NO"' >> ${DESTDIR}/etc/rc.conf + # Use FreeBSD Update mirrors hosted in AWS sed -i '' -e 's/update.FreeBSD.org/aws.update.FreeBSD.org/' \ ${DESTDIR}/etc/freebsd-update.conf
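Review bot: the comment added above the `echo 'sshd_rsa_enable="NO"' >> ${DESTDIR}/etc/rc.conf` line says RSA host keys "are obsolete", which is stronger than the commit message's "largely obsolete" and does not tell an image user what changes for them. An instance built from this image will not have an RSA host key to present, so a client restricted to RSA host key algorithms has nothing to verify against. I would reword the comment to match the commit message and mention that the knob can be set back to "YES" in rc.conf for that case. The hunk touches only the RSA knob and leaves the other host key types alone, which is worth saying in the comment too. Since this is a user-visible change to the EC2 images, consider flagging it for the release notes. Minor: the line is appended unconditionally with `>>`, so if rc.conf in ${DESTDIR} ever carries an earlier sshd_rsa_enable entry the file will hold two assignments; a short note that the last one wins, or using the same mechanism as other rc.conf settings in this file, would make the intent clearer.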