EC2: Disable RSA host key generation for sshd

These are largely obsolete, and generating them is responsible for over 10% of the total boot time of EC2 instances. Sponsored by: Amazon Differential Revision: https://reviews.freebsd.org/D46638
2024-11-21 07:15:49 +00:00 · 2024-09-10 22:00:07 -07:00 · 2024-09-10 22:00:07 -07:00 · 0aabcd75db
commit 0aabcd75db
parent 9b04aee86c
1 changed files with 3 additions and 0 deletions
--- a/release/tools/ec2.conf
+++ b/release/tools/ec2.conf
@ -71,6 +71,9 @@ ec2_common() {
 		's/^#KbdInteractiveAuthentication yes/KbdInteractiveAuthentication no/' \
 		${DESTDIR}/etc/ssh/sshd_config

+	# RSA host keys are obsolete and also very slow to generate
+	echo 'sshd_rsa_enable="NO"' >> ${DESTDIR}/etc/rc.conf
+
 	# Use FreeBSD Update mirrors hosted in AWS
 	sed -i '' -e 's/update.FreeBSD.org/aws.update.FreeBSD.org/' \
 		${DESTDIR}/etc/freebsd-update.conf