Avoid ED25519 and ECDSA creation

[brunorb86]

Hi everyone,

I have a specific situation where I need to use just a RSA key, this key is already loaded when my pod start but I'm still having issues trying to avoid the creation of the mentioned keys.

But why I can't have these keys created?
Because when the client tries to access my server it needs to validate the server using a .pem created from the rsa key and right now the key that is being presented is the ED25519

sftp test@192.168.1.10
The authenticity of host '192.168.1.10 (192.168.1.10)' can't be established.
ED25519 key fingerprint is SHA256:RvzyrVPbSlsIzVnwpWNcf/SrOvVpAWzA6eiVxTqqrLM.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? ^Croot@temp-busybox:/# sftp symitar@192.168.1.10
The authenticity of host '192.168.1.10 (192.168.1.10)' can't be established.
ED25519 key fingerprint is SHA256:ACKRXKNUJIJ1uXcgg4swqgGye4k90rUHH3DNdkl2BBQ.
This key is not known by any other names.

I'm using the official helm chart.

Added these envVars

envVars:

• name: SFTPGO_SFTPD__BINDINGS__0__HOST_KEYS__0
  value: /var/lib/sftpgo/id_rsa.pub
• name: SFTPGO_SFTPD__LOAD_DEFAULT_HOST_KEYS ## Tried to avoid to load the default hosts keys, didn't work
  value: "false"

Disable keys generation

• name: SFTPGO_SFTPD__KEY_GEN__DISABLE ## Tried to avoid the creation with this Variable, didn't work
  value: "true"
• name: SFTPGO_SFTPD__KEY_GEN__ED25519_DISABLED ## avoid generation ED25519, didn't work
  value: "true"
• name: SFTPGO_SFTPD__KEY_GEN__ECDSA_DISABLED ## avoid generation ECDSA, didn't work
  value: "true"
• name: SFTPGO_SFTPD__KEY_GEN__RSA_DISABLED
  value: "false"

Allowed just RSA ## Options to enable just RSA but the other keys are still being loaded

• name: SFTPGO_SFTPD__HOST_KEY_ALGORITHMS__0
  value: ssh-rsa

• name: SFTPGO_SFTPD__HOST_KEY_ALGORITHMS__1
  value: rsa-sha2-256

• name: SFTPGO_SFTPD__HOST_KEY_ALGORITHMS__2
  value: rsa-sha2-512

• name: SFTPGO_HTTPD__WEB_ADMIN__ENABLED
  value: "true"

  Here the logs of keys id_ecdsa and id_ed25519 creation and RSA load

  {"level":"info","time":"2025-07-17T13:49:53.049","sender":"sftpd","message":"No host keys configured and "id_ecdsa" does not exist; try to create a new host key"}
  {"level":"info","time":"2025-07-17T13:49:53.049","sender":"sftpd","message":"No host keys configured and "id_ed25519" does not exist; try to create a new host key"}
  {"level":"info","time":"2025-07-17T13:49:53.050","sender":"sftpd","message":"Loading private host key "id_rsa""}
  {"level":"info","time":"2025-07-17T13:49:53.050","sender":"sftpd","message":"Host key "id_rsa" loaded, type "ssh-rsa", fingerprint "SHA256:zv1hx1ninwIEwgl+HcpsdL++WkOFJc", algorithms [rsa-sha2-256 rsa-sha2-512]"}
  {"level":"info","time":"2025-07-17T13:49:53.050","sender":"sftpd","message":"Loading private host key "id_ecdsa""}
  {"level":"info","time":"2025-07-17T13:49:53.050","sender":"sftpd","message":"Host key "id_ecdsa" loaded, type "ecdsa-sha2-nistp256", fingerprint "SHA256:TBQfEDA9bqSvVk/Y4wf//KmLrXld5UA+RALQI4WS8lM", algorithms [ecdsa-sha2-nistp256]"}
  {"level":"info","time":"2025-07-17T13:49:53.051","sender":"sftpd","message":"Loading private host key "id_ed25519""}
  {"level":"info","time":"2025-07-17T13:49:53.051","sender":"sftpd","message":"Host key "id_ed25519" loaded, type "ssh-ed25519", fingerprint "SHA256:S8EVbsXmpdnl4jzpEKttQVUqIvcL7STWXO2iFPF/p4U", algorithms [ssh-ed25519]"}

  I have additional env variables related to DB connection working fine, but these above are not working.
  Does anyone have any advice to share?