Source-Changes-HG archive
[src/trunk]: src/etc/rc.d /etc/rc.d/sshd: Use default curve for ECDSA keygen,...
details: https://anonhg.NetBSD.org/src/rev/57bb72685c06
branches: trunk
changeset: 376231:57bb72685c06
user: riastradh <riastradh%NetBSD.org@localhost>
date: Mon Jun 05 11:59:12 2023 +0000
description:
/etc/rc.d/sshd: Use default curve for ECDSA keygen, not NIST P-521.
The default is NIST P-256, which:
(a) has plenty of cryptanalytic security,
(b) performs better on essentially all platforms (smaller enough that
even the advantage of the Mersenne prime structure of P-521 can't
compete), and
(c) likely gets more scrutiny on implementations than P-521 since it's
more widespread.
diffstat:
etc/rc.d/sshd | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diffs (20 lines):
diff -r 65462c53a96b -r 57bb72685c06 etc/rc.d/sshd
--- a/etc/rc.d/sshd Mon Jun 05 11:51:19 2023 +0000
+++ b/etc/rc.d/sshd Mon Jun 05 11:59:12 2023 +0000
@@ -1,6 +1,6 @@
#!/bin/sh
#
-# $NetBSD: sshd,v 1.34 2023/06/05 11:51:19 riastradh Exp $
+# $NetBSD: sshd,v 1.35 2023/06/05 11:59:12 riastradh Exp $
#
# PROVIDE: sshd
@@ -61,7 +61,7 @@ sshd_keygen()
printf "ssh-keygen: " && "${keygen}" -f "${f}" -l
new_key_created=true
done << _EOF
-ecdsa 521 ssh_host_ecdsa_key
+ecdsa -1 ssh_host_ecdsa_key
ed25519 -1 ssh_host_ed25519_key
rsa 0 ssh_host_rsa_key
_EOF
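Review bot: the bits column of the heredoc table in sshd_keygen() now carries two different sentinel values, -1 for ecdsa and ed25519 and 0 for rsa, and nothing in the hunk documents what either one means or why they differ. The code that consumes the second column is outside the visible context, so it cannot be confirmed from here that -1 results in ssh-keygen choosing its own default curve rather than being handed -1 as a size. A one-line comment above the loop stating the column layout (type, bits, file) and the meaning of -1 and 0 would make the table self-explanatory. Since the visible lines sit on the path that sets new_key_created=true, it would also help for the commit message to say whether hosts that already have a P-521 ssh_host_ecdsa_key keep it.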