$Id: README,v 1.16 2021/11/23 02:53:38 nanons Exp $

OpenSSH configuration

To enable, copy files in this directory to /etc/ssh.

Generate an identity key with djb crypto:

	$ ssh-keygen -t ed25519 -Z chacha20-poly1305@openssh.com

Change the key's passphrase later, while still retaining djb encryption:

	$ ssh-keygen -p -Z chacha20-poly1305@openssh.com

Setting a passphrase is strongly recommended.  If you need an empty
passphrase for scripts, keep a separate key and use ssh(1)'s -i option
to specify the passwordless key.

To host completely separate OpenSSH servers on different Tor onion
services, multiple sshd(8) instances need to be run instead of opening
multiple ports in the same server, so that server host keys aren't
shared among all onion services.  A shared host key lets any client
link those onion services to the same machine.

To easily create multiple sshd(8) init scripts:

	# ln -s /etc/rc.d/sshd /etc/rc.d/mysshd
	# rcctl enable mysshd
	# rcctl set mysshd flags "-f /path/to/sshd_config"

Warning: If you disable the service, the flags are lost and you have to
repeat the process.
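
To check that the instances really are separated, the script below
(an added example, not one of the files in this directory) reports any
HostKey path used by more than one sshd_config.  It compares paths only,
and the onion1/onion2 paths and config names in its demo are made up.

```shell
#!/bin/sh
# Added example (not from this repository): list HostKey paths that more
# than one sshd_config uses. Paths are compared; key files are not read.

# Keys sshd(8) loads when a config has no HostKey line, per sshd_config(5).
DEFAULT_KEYS="/etc/ssh/ssh_host_ecdsa_key
/etc/ssh/ssh_host_ed25519_key
/etc/ssh/ssh_host_rsa_key"

# Print the HostKey paths in effect for one config file, one per line.
hostkeys_of() {
	keys=$(awk '
		{ sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
		/^#/ || NF == 0 { next }              # comments and blank lines
		tolower($1) == "hostkey" && NF >= 2 { # keywords are case-insensitive
			sub(/^[^ \t]+[ \t]+/, "")         # drop the keyword
			gsub(/"/, "")                     # drop optional quoting
			print
		}' "$1")
	if [ -n "$keys" ]; then
		printf '%s\n' "$keys"
	else
		printf '%s\n' "$DEFAULT_KEYS"
	fi
}

# Print each key path claimed by two or more of the given configs.
# Returns 1 if any path is shared, 0 if every instance has its own keys.
shared_hostkeys() {
	dups=$(for cfg in "$@"; do hostkeys_of "$cfg" | sort -u; done |
		sort | uniq -d)
	[ -z "$dups" ] && return 0
	printf '%s\n' "$dups"
	return 1
}

# Constructed sample configs; the onion1/onion2 paths are hypothetical.
demo() {
	d=$(mktemp -d) || return 1
	printf 'Port 22\n' > "$d/main"
	printf 'Port 2201\nHostKey /etc/ssh/onion1/ssh_host_ed25519_key\n' > "$d/one"
	printf 'Port 2202\n#HostKey /etc/ssh/onion2/ssh_host_ed25519_key\n' > "$d/two"
	# "two" has its HostKey commented out, so it shares the defaults with "main".
	shared_hostkeys "$d/main" "$d/one" "$d/two" || echo "shared host keys found"
	rm -rf "$d"
}
demo
```

Run it against the real files by calling shared_hostkeys with every
sshd_config in use; no output and exit status 0 means no path is shared.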
