Re: Deprecating RSA ssh host keys in 16
- Reply: Colin Percival : "Re: Deprecating RSA ssh host keys in 16"
- In reply to: Colin Percival : "Deprecating RSA ssh host keys in 16"
Date: Fri, 27 Sep 2024 17:21:30 UTC
On Tue, 24 Sept 2024 at 14:41, Colin Percival <cperciva@tarsnap.com> wrote:
>
> I don't think we should turn off RSA host key generation in general in
> 15.x since for non-VM/cloud images the first boot time is less relevant
> (if you're installing from an ISO image, the installer will take far
> longer than the host key generation) but I think it would make sense to
> deprecate RSA host keys in 15 and then turn them off by default in 16.

This might be overly conservative, and users who need RSA host keys can trivially enable them. I'm also not fond of having different behaviour in a cloud environment vs when using the installer -- imagine a user with an old ssh client that has trouble connecting to FreeBSD servers, but only those hosted on EC2.