Skip to content

Do not generate RSA key for runner sshd#3926

Merged
r4victor merged 1 commit into
masterfrom
issue_3920_skip_rsa_key
Jun 2, 2026
Merged

Do not generate RSA key for runner sshd#3926
r4victor merged 1 commit into
masterfrom
issue_3920_skip_rsa_key

Conversation

@r4victor
Copy link
Copy Markdown
Collaborator

@r4victor r4victor commented Jun 2, 2026
edited
Loading

Part of #3920

Drop RSA host key generation for runner's sshd on every container start. RSA keys are very slow to generate (~1s). This leads to runner API being unavailable for some time after the container start. The dstack server fails to connect to connect to the runner on the first attempt, and provisioning may require extra processing cycles. ECDSA and Ed25519 keys should be sufficient as Ed25519 is supported since OpenSSH 6.5 (2014) and ECDSA since 5.7 (2011).

# time ssh-keygen -t rsa -b 3072 -q -N "" -f /tmp/rsa_key

real	0m0.894s
user	0m0.892s
sys	0m0.001s

# time {
   ssh-keygen -t ecdsa   -q -N "" -f /tmp/test/ssh_host_ecdsa_key
   ssh-keygen -t ed25519 -q -N "" -f /tmp/test/ssh_host_ed25519_key
}

real	0m0.010s
user	0m0.008s
sys	0m0.002s

@r4victor r4victor requested a review from un-def June 2, 2026 06:28
@r4victor r4victor merged commit ea0f7fe into master Jun 2, 2026
25 checks passed
@r4victor r4victor deleted the issue_3920_skip_rsa_key branch June 2, 2026 09:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@un-def un-def un-def approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@r4victor @un-def