Message-ID: <9ce619ca-07b0-47d6-9ed6-4c6fe5dbd801@FreeBSD.org>
Date: Tue, 24 Sep 2024 12:09:03 +0200
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
Subject: Re: git: 0aabcd75dbc2 - main - EC2: Disable RSA host key generation for sshd
To: Colin Percival, src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
References: <202409180648.48I6mKNj004233@gitrepo.freebsd.org>
From: Ronald Klop
In-Reply-To: <202409180648.48I6mKNj004233@gitrepo.freebsd.org>

On 18-09-2024 at 08:48, Colin Percival wrote:
> The branch main has been updated by cperciva:
>
> URL: https://cgit.FreeBSD.org/src/commit/?id=0aabcd75dbc2457be65e3c3c46948761ac5e50ed
>
> commit 0aabcd75dbc2457be65e3c3c46948761ac5e50ed
> Author: Colin Percival
> AuthorDate: 2024-09-11 05:00:07 +0000
> Commit: Colin Percival
> CommitDate: 2024-09-18 06:47:58 +0000
>
> EC2: Disable RSA host key generation for sshd
>
> These are largely obsolete, and generating them is responsible for
> over 10% of the total boot time of EC2 instances.
>

Wouldn't it be a good idea to disable this in general in 15-CURRENT?
It wouldn't affect existing installations.

Regards,
Ronald.

> Sponsored by: Amazon
> Differential Revision: https://reviews.freebsd.org/D46638
> ---
> release/tools/ec2.conf | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/release/tools/ec2.conf b/release/tools/ec2.conf > index 2cca5fa713af..34434f86a0b1 100644 > --- a/release/tools/ec2.conf > +++ b/release/tools/ec2.conf > @@ -71,6 +71,9 @@ ec2_common() { > 's/^#KbdInteractiveAuthentication yes/KbdInteractiveAuthentication no/' \ > ${DESTDIR}/etc/ssh/sshd_config > > + # RSA host keys are obsolete and also very slow to generate > + echo 'sshd_rsa_enable="NO"' >> ${DESTDIR}/etc/rc.conf > + > # Use FreeBSD Update mirrors hosted in AWS > sed -i '' -e 's/update.FreeBSD.org/aws.update.FreeBSD.org/' \ > ${DESTDIR}/etc/freebsd-update.conf >
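
Review bot: The comment above the added `echo 'sshd_rsa_enable="NO"'` line in ec2_common() says RSA host keys "are obsolete", while the commit message says "largely obsolete"; the comment should carry the same qualifier and note that a user who still needs an RSA host key can override the setting in /etc/rc.conf, because this appended line is the only place in the hunk where the new default is recorded. `${DESTDIR}` is also unquoted in the redirection; that matches the neighbouring sed calls, but writing "${DESTDIR}/etc/rc.conf" would keep the append working if the staging path ever contains whitespace.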