Re: git: 0aabcd75dbc2 - main - EC2: Disable RSA host key generation for sshd
- In reply to: Colin Percival : "git: 0aabcd75dbc2 - main - EC2: Disable RSA host key generation for sshd"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 24 Sep 2024 10:09:03 UTC
Op 18-09-2024 om 08:48 schreef Colin Percival: > The branch main has been updated by cperciva: > > URL: https://cgit.FreeBSD.org/src/commit/?id=0aabcd75dbc2457be65e3c3c46948761ac5e50ed > > commit 0aabcd75dbc2457be65e3c3c46948761ac5e50ed > Author: Colin Percival <cperciva@FreeBSD.org> > AuthorDate: 2024-09-11 05:00:07 +0000 > Commit: Colin Percival <cperciva@FreeBSD.org> > CommitDate: 2024-09-18 06:47:58 +0000 > > EC2: Disable RSA host key generation for sshd > > These are largely obsolete, and generating them is responsible for > over 10% of the total boot time of EC2 instances. > Wouldn't it be a good idea to disable this in general in 15-CURRENT? It wouldn't affect existing installations. Regards, Ronald. > Sponsored by: Amazon > Differential Revision: https://reviews.freebsd.org/D46638 > --- > release/tools/ec2.conf | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/release/tools/ec2.conf b/release/tools/ec2.conf > index 2cca5fa713af..34434f86a0b1 100644 > --- a/release/tools/ec2.conf > +++ b/release/tools/ec2.conf > @@ -71,6 +71,9 @@ ec2_common() { > 's/^#KbdInteractiveAuthentication yes/KbdInteractiveAuthentication no/' \ > ${DESTDIR}/etc/ssh/sshd_config > > + # RSA host keys are obsolete and also very slow to generate > + echo 'sshd_rsa_enable="NO"' >> ${DESTDIR}/etc/rc.conf > + > # Use FreeBSD Update mirrors hosted in AWS > sed -i '' -e 's/update.FreeBSD.org/aws.update.FreeBSD.org/' \ > ${DESTDIR}/etc/freebsd-update.conf >