
From:
"Theo de Raadt" <deraadt@openbsd.org>
Subject:
Re: Add ML-DSA-44 / Ed25519 hybrid SSH host keys to changelist and mtree
To:
Bjorn Ketelaars <bket@openbsd.org>, tech@openbsd.org
Date:
Fri, 26 Jun 2026 09:07:27 -0600

Yes.

Stuart Henderson <stu@spacehopper.org> wrote:

> On 2026/06/26 16:39, Bjorn Ketelaars wrote:
> > With OpenSSH introducing ML-DSA-44 / Ed25519 hybrid host keys, they
> > probably need to be tracked in /etc/changelist and /etc/mtree/special.
> > 
> > Diff below adds the new host keys with the appropriate permissions (0600
> > for the private key, 0644 for the public key) and marks them as
> > optional.
> > 
> > Comments / OK?
> 
> ok. ssh-keygen -A generates them already, so the files should be tracked.
> 
> > 
> > diff --git etc/changelist etc/changelist
> > index 0dc0188b184..a1e2b12412d 100644
> > --- etc/changelist
> > +++ etc/changelist
> > @@ -145,6 +145,8 @@
> >  /etc/ssh/ssh_host_ed25519_key.pub
> >  +/etc/ssh/ssh_host_key
> >  /etc/ssh/ssh_host_key.pub
> > ++/etc/ssh/ssh_host_mldsa44_ed25519_key
> > +/etc/ssh/ssh_host_mldsa44_ed25519_key.pub
> >  +/etc/ssh/ssh_host_rsa_key
> >  /etc/ssh/ssh_host_rsa_key.pub
> >  /etc/ssh/sshd_config
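Review bot: the private-key entry correctly carries the changelist `+` prefix (hence the doubled `++` in the diff line) that the neighbouring ssh_host_ed25519_key and ssh_host_rsa_key entries use, so security(8) will report a change to the ML-DSA-44/Ed25519 private key without mailing its contents, while the `.pub` entry is unprefixed like the other public keys; the two new lines also sit in the existing alphabetical order between ssh_host_key.pub and ssh_host_rsa_key. No change needed.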
> > diff --git etc/mtree/special etc/mtree/special
> > index 05e89c65e23..34dde68bb36 100644
> > --- etc/mtree/special
> > +++ etc/mtree/special
> > @@ -106,6 +106,8 @@ ssh_host_ed25519_key	type=file mode=0600 uname=root gname=wheel optional
> >  ssh_host_ed25519_key.pub	type=file mode=0644 uname=root gname=wheel optional
> >  ssh_host_key	type=file mode=0600 uname=root gname=wheel optional
> >  ssh_host_key.pub	type=file mode=0644 uname=root gname=wheel optional
> > +ssh_host_mldsa44_ed25519_key	type=file mode=0600 uname=root gname=wheel optional
> > +ssh_host_mldsa44_ed25519_key.pub	type=file mode=0644 uname=root gname=wheel optional
> >  ssh_host_rsa_key	type=file mode=0600 uname=root gname=wheel optional
> >  ssh_host_rsa_key.pub	type=file mode=0644 uname=root gname=wheel optional
> >  sshd_config	type=file mode=0644 uname=root gname=wheel
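Review bot: the new mtree entries match the surrounding host-key lines exactly (mode=0600 for the private key, mode=0644 for the public key, root:wheel, and the `optional` keyword so a system that has not yet run ssh-keygen -A does not trip the check), and they keep the tab-separated layout of the file; the only thing to verify before commit is that the filename matches what ssh-keygen -A actually writes, since the mtree check will silently skip an `optional` entry whose name is wrong.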
> > 
>