Date:      Wed, 18 Sep 2024 06:48:20 GMT
From:      Colin Percival <cperciva@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: 0aabcd75dbc2 - main - EC2: Disable RSA host key generation for sshd
Message-ID:  <202409180648.48I6mKNj004233@gitrepo.freebsd.org>

The branch main has been updated by cperciva:

URL: https://cgit.FreeBSD.org/src/commit/?id=0aabcd75dbc2457be65e3c3c46948761ac5e50ed

commit 0aabcd75dbc2457be65e3c3c46948761ac5e50ed
Author:     Colin Percival <cperciva@FreeBSD.org>
AuthorDate: 2024-09-11 05:00:07 +0000
Commit:     Colin Percival <cperciva@FreeBSD.org>
CommitDate: 2024-09-18 06:47:58 +0000

    EC2: Disable RSA host key generation for sshd
    
    These are largely obsolete, and generating them is responsible for
    over 10% of the total boot time of EC2 instances.
    
    Sponsored by:   Amazon
    Differential Revision:  https://reviews.freebsd.org/D46638
---
 release/tools/ec2.conf | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/release/tools/ec2.conf b/release/tools/ec2.conf
index 2cca5fa713af..34434f86a0b1 100644
--- a/release/tools/ec2.conf
+++ b/release/tools/ec2.conf
@@ -71,6 +71,9 @@ ec2_common() {
 		's/^#KbdInteractiveAuthentication yes/KbdInteractiveAuthentication no/' \
 		${DESTDIR}/etc/ssh/sshd_config
 
+	# RSA host keys are obsolete and also very slow to generate
+	echo 'sshd_rsa_enable="NO"' >> ${DESTDIR}/etc/rc.conf
+
 	# Use FreeBSD Update mirrors hosted in AWS
 	sed -i '' -e 's/update.FreeBSD.org/aws.update.FreeBSD.org/' \
 		${DESTDIR}/etc/freebsd-update.conf
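
Review bot: The added comment above the echo 'sshd_rsa_enable="NO"' line calls RSA host keys "obsolete", while the commit message says "largely obsolete", and the gap matters to anyone whose SSH clients still accept only RSA host keys, because instances built from this image will no longer generate one. Suggest the comment say that the image ships without an RSA host key and that the appended line is an ordinary rc.conf setting which can be changed back to "YES" where one is required. It would also help to mention the change wherever the EC2 images are documented, so that operators who pin or monitor RSA host key fingerprints know to expect a different key type.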


