On 18-09-2024 at 08:48, Colin Percival wrote:
The branch main has been updated by cperciva:
URL:
https://cgit.FreeBSD.org/src/commit/?id=0aabcd75dbc2457be65e3c3c46948761ac5e50ed
commit 0aabcd75dbc2457be65e3c3c46948761ac5e50ed
Author: Colin Percival <[email protected]>
AuthorDate: 2024-09-11 05:00:07 +0000
Commit: Colin Percival <[email protected]>
CommitDate: 2024-09-18 06:47:58 +0000
EC2: Disable RSA host key generation for sshd
These are largely obsolete, and generating them is responsible for
over 10% of the total boot time of EC2 instances.

Wouldn't it be a good idea to disable this in general in 15-CURRENT? It
wouldn't affect existing installations.

Regards,
Ronald.

Sponsored by: Amazon
Differential Revision: https://reviews.freebsd.org/D46638
---
release/tools/ec2.conf | 3 +++
1 file changed, 3 insertions(+)
diff --git a/release/tools/ec2.conf b/release/tools/ec2.conf
index 2cca5fa713af..34434f86a0b1 100644
--- a/release/tools/ec2.conf
+++ b/release/tools/ec2.conf
@@ -71,6 +71,9 @@ ec2_common() {
's/^#KbdInteractiveAuthentication
yes/KbdInteractiveAuthentication no/' \
${DESTDIR}/etc/ssh/sshd_config
+ # RSA host keys are obsolete and also very slow to generate
+ echo 'sshd_rsa_enable="NO"' >> ${DESTDIR}/etc/rc.conf
+
# Use FreeBSD Update mirrors hosted in AWS
sed -i '' -e 's/update.FreeBSD.org/aws.update.FreeBSD.org/' \
${DESTDIR}/etc/freebsd-update.conf
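
Review bot: The comment above the added echo 'sshd_rsa_enable="NO"' line gives the reason for the change but not its user-visible effect: images built with this will come up without an RSA host key, so an SSH client configured to accept only RSA host key algorithms will not be able to connect. Consider extending the comment to say which knob reverts it (setting sshd_rsa_enable back to "YES" in rc.conf), and flagging the commit for release notes, since the commit message carries no such tag. Separately, the line appends to ${DESTDIR}/etc/rc.conf unconditionally with >>, so running ec2_common twice against the same DESTDIR would leave a duplicate entry; that is harmless for rc.conf but worth a word if repeated runs are expected.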