The base OpenSSH rc.d script has a nice undocumented set of options that easily allow disabling the automatic creation of undesired, and possibly outdated, keys. Those options are: sshd_rsa1_enable, sshd_rsa_enable, sshd_dsa_enable, sshd_ecdsa_enable, sshd_ed25519_enable. Reference: https://svnweb.freebsd.org/base/release/10.3.0/etc/rc.d/sshd?view=markup Is it possible to port those options to openssh-portable too? I think they are useful to avoid useless files and to increase the clarity of the overall configuration of a system. For information, a simple workaround I found is to pre-create empty files for the keys I don't want to be created. This works thanks to bug #202792. As a final remark, the above-mentioned options are quite undocumented in the system (not in the man pages). It could be nice to document them. Thanks for your support. Best Regards, Nicholas
I don't have time to do it soon, but I'll gladly take a patch. Otherwise I can add this in a few weeks.
It is still not in: : ${sshd_rsa1_enable:="yes"} : ${sshd_rsa_enable:="yes"} : ${sshd_dsa_enable:="yes"} : ${sshd_ecdsa_enable:="yes"} : ${sshd_ed25519_enable:="yes"} but the question is whether this is still wanted.
(In reply to w.schwarzenfeld from comment #2) Regarding the two original requests: 1) support of the options in openssh-portable: yes, I think it is still wanted, as those options exist for the base OpenSSH build. 2) documentation of the options in man pages and handbook (for base OpenSSH): still undocumented. I think they should be documented somewhere.