| author | Yarny0 <41838844+Yarny0@users.noreply.github.com> | 2025-06-09 20:34:15 +0200 |
|---|---|---|
| committer | Yarny0 <41838844+Yarny0@users.noreply.github.com> | 2025-06-09 21:06:20 +0200 |
| commit | 6acf53f6547337106235a0d892e6341e01a5c5cd (patch) | |
| tree | d00cc5a41111b6a2730405e6ba6499aafd9427aa /pkgs/development/python-modules/rangehttpserver | |
| parent | 3e3afe5174c561dee0df6f2c2b2236990146329f (diff) | |
nixos/sshd: don't use `-a` (KDF rounds) on host keys

The nixos `sshd.nix` module contains a mechanism to generate ssh host keys prior to starting sshd if those host keys are missing.

The option `services.openssh.hostKeys` is used to configure which host keys should exist or be created. It also declares the key type and other key-related options.

One of those options is `rounds`. That one is then forwarded to the `ssh-keygen` program with the `-a` option. It defines how many rounds of a key derivation function are to be used on the key's passphrase before the result is used to en-/decrypt the private key; cf. ssh-keygen(1).

ssh host keys are passwordless; they are solely protected by filesystem access modes. Hence, the `-a` option is irrelevant and silently ignored by `ssh-keygen`.

The commit at hand therefore removes this option from the host key generation script and the option examples.

Diffstat (limited to 'pkgs/development/python-modules/rangehttpserver')
0 files changed, 0 insertions, 0 deletions
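
An added example, not part of the commit or of nixpkgs: a small Python parser for the header of an `openssh-key-v1` private key, showing that the KDF round count is only stored when the key is passphrase-protected with the `bcrypt` KDF, while a passwordless key records cipher `none` and KDF `none` with no rounds field at all. The function names and the two sample headers are assumptions constructed for illustration; the headers carry no key material.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"

def _string(data):
    """Encode an SSH 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def _read_string(buf, off):
    """Decode one SSH 'string' at offset off; return (bytes, next offset)."""
    if len(buf) < off + 4:
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated string")
    return buf[off + 4:end], end

def decode_pem(text):
    """Drop the BEGIN/END armor lines and base64-decode the body."""
    lines = [l.strip() for l in text.splitlines()]
    return base64.b64decode("".join(l for l in lines if l and not l.startswith("-----")))

def key_protection(blob):
    """Return (ciphername, kdfname, rounds) from a decoded openssh-key-v1 blob."""
    if not blob.startswith(MAGIC):
        raise ValueError("not an openssh-key-v1 private key")
    cipher, off = _read_string(blob, len(MAGIC))
    kdf, off = _read_string(blob, off)
    kdfopts, off = _read_string(blob, off)
    rounds = None
    if kdf == b"bcrypt":  # kdfoptions = string salt, uint32 rounds
        _salt, p = _read_string(kdfopts, 0)
        if len(kdfopts) < p + 4:
            raise ValueError("truncated bcrypt options")
        (rounds,) = struct.unpack_from(">I", kdfopts, p)
    return cipher.decode(), kdf.decode(), rounds

# Constructed sample headers (magic, cipher, KDF, KDF options, key count).
# Host-key style: no passphrase, so there is no place to store a round count.
HOST_KEY_HEADER = MAGIC + _string(b"none") + _string(b"none") + _string(b"") + struct.pack(">I", 1)
USER_KEY_HEADER = (MAGIC + _string(b"aes256-ctr") + _string(b"bcrypt")
                   + _string(_string(b"\x00" * 16) + struct.pack(">I", 100)) + struct.pack(">I", 1))

if __name__ == "__main__":
    for name, blob in (("host", HOST_KEY_HEADER), ("user", USER_KEY_HEADER)):
        print(name, key_protection(blob))
```

To inspect a real key file, pass its contents through `decode_pem` first and hand the result to `key_protection`.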
