diff options
| author | Colin Percival <cperciva@FreeBSD.org> | 2024-09-11 05:00:07 +0000 |
|---|---|---|
| committer | Colin Percival <cperciva@FreeBSD.org> | 2024-09-18 06:47:58 +0000 |
| commit | 0aabcd75dbc2457be65e3c3c46948761ac5e50ed (patch) | |
| tree | ccb4e1a9fa7100171b6a3ddba62bfe68b0997723 | |
| parent | 9b04aee86ccd58a6f3c936e0cd95bb9305a69848 (diff) | |
EC2: Disable RSA host key generation for sshd
These are largely obsolete, and generating them is responsible for
over 10% of the total boot time of EC2 instances.
Sponsored by: Amazon
Differential Revision: https://reviews.freebsd.org/D46638
| -rw-r--r-- | release/tools/ec2.conf | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/release/tools/ec2.conf b/release/tools/ec2.conf index 2cca5fa713af..34434f86a0b1 100644 --- a/release/tools/ec2.conf +++ b/release/tools/ec2.conf @@ -71,6 +71,9 @@ ec2_common() { 's/^#KbdInteractiveAuthentication yes/KbdInteractiveAuthentication no/' \ ${DESTDIR}/etc/ssh/sshd_config + # RSA host keys are obsolete and also very slow to generate + echo 'sshd_rsa_enable="NO"' >> ${DESTDIR}/etc/rc.conf + # Use FreeBSD Update mirrors hosted in AWS sed -i '' -e 's/update.FreeBSD.org/aws.update.FreeBSD.org/' \ ${DESTDIR}/etc/freebsd-update.conf |