diff --git a/post-install.sh b/post-install.sh
index 218de27..6cb30c6 100755
--- a/post-install.sh
+++ b/post-install.sh
@@ -229,14 +229,12 @@ install() {
 inst /etc/dropbear/authorized_keys /root/.ssh/authorized_keys
 fi
 
- # Generate host keys if they don't exist
- for keytype in rsa ecdsa ed25519; do
- keyfile="/etc/dropbear/dropbear_${keytype}_host_key"
- if [ ! -f "$keyfile" ]; then
- dropbearkey -t $keytype -f "$keyfile" 2>/dev/null
- fi
- [ -f "$keyfile" ] && inst "$keyfile"
- done
+ # Install ED25519 host key only
+ keyfile="/etc/dropbear/dropbear_ed25519_host_key"
+ if [ ! -f "$keyfile" ]; then
+ dropbearkey -t ed25519 -f "$keyfile" 2>/dev/null
+ fi
+ [ -f "$keyfile" ] && inst "$keyfile"
 
 # Install the service
 inst_simple "$moddir/dropbear.service" /etc/systemd/system/dropbear.service
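Review bot: A dropbearkey failure in the new `if [ ! -f "$keyfile" ]` branch is silently swallowed — stderr goes to /dev/null, the exit status is never checked, and `[ -f "$keyfile" ] && inst "$keyfile"` then just skips the key — so the initramfs is built without the host key whose fingerprint the post-install step prints, and the module install still reports success. What dropbear does at boot with no host key cannot be seen from here (refuse to start, or mint a throwaway key), but either way the operator has nothing to verify against at the unlock prompt, which defeats the point of printing a fingerprint. I would fail the install instead: `dropbearkey -t ed25519 -f "$keyfile" >/dev/null 2>&1 || return 1` and `inst "$keyfile" || return 1` (or dracut's `dfatal`, if its logger is sourced in this module's environment). install() starts and ends outside the hunk.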
@@ -289,26 +287,20 @@
 mkdir -p /etc/dropbear
 echo "${SSH_KEY}" > /etc/dropbear/authorized_keys
 chmod 600 /etc/dropbear/authorized_keys
-# Generate host keys and display SHA256 fingerprints
-echo "[+] Generating SSH host keys..."
-for keytype in rsa ecdsa ed25519; do
- keyfile="/etc/dropbear/dropbear_${keytype}_host_key"
- if [ ! -f "$keyfile" ]; then
- echo " - Generating $keytype key..."
- dropbearkey -t $keytype -f "$keyfile" | grep -v "Generating" || true
-
- # Extract and display SHA256 fingerprint for ed25519
- if [ "$keytype" = "ed25519" ] && command -v ssh-keygen >/dev/null 2>&1; then
- # Convert dropbear key to OpenSSH format and get SHA256 fingerprint
- dropbearkey -y -f "$keyfile" | grep "^ssh-" > "/tmp/dropbear_${keytype}.pub"
- fingerprint=$(ssh-keygen -lf "/tmp/dropbear_${keytype}.pub" -E sha256 2>/dev/null | awk '{print $2}')
- if [ -n "$fingerprint" ]; then
- echo " - ED25519 SHA256 fingerprint: $fingerprint"
- fi
- rm -f "/tmp/dropbear_${keytype}.pub"
+# Generate ED25519 host key only (most secure)
+echo "[+] Generating ED25519 SSH host key..."
+keyfile="/etc/dropbear/dropbear_ed25519_host_key"
+if [ ! -f "$keyfile" ]; then
+ dropbearkey -t ed25519 -f "$keyfile" | grep -v "Generating" || true
+
+ # Display SHA256 fingerprint if ssh-keygen is available
+ if command -v ssh-keygen >/dev/null 2>&1; then
+ fingerprint=$(dropbearkey -y -f "$keyfile" | ssh-keygen -lf - -E sha256 2>/dev/null | awk '{print $2}')
+ if [ -n "$fingerprint" ]; then
+ echo " SHA256 fingerprint: $fingerprint"
 fi
 fi
-done
+fi
 
 # Configure dracut
 cat > /etc/dracut.conf.d/60-dropbear-ssh.conf << 'EOF'
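Review bot: The new `dropbearkey -t ed25519 -f "$keyfile" | grep -v "Generating" || true` line hides a failed key generation: without pipefail the pipeline's status is grep's, and `|| true` masks even that (presumably to survive a `set -e` the hunk does not show), so a missing dropbearkey binary or an unwritable /etc/dropbear prints nothing, the fingerprint block stays quiet because `$fingerprint` is empty, and the script proceeds to configure dracut with no host key for the initramfs. That SHA256 line is the operator's only reference for trust-on-first-use at the unlock prompt, so this is the one place the script should be loud rather than best-effort. One line after the pipeline closes the gap: `[ -s "$keyfile" ] || { echo "[!] failed to generate $keyfile" >&2; exit 1; }`. Separately, dropping the old `grep "^ssh-"` filter means `ssh-keygen -lf -` now also receives dropbearkey's "Public key portion is:" and "Fingerprint:" lines; current OpenSSH skips non-key lines and still prints the fingerprint, but an older ssh-keygen may reject the input, so the empty-fingerprint case deserves a warning to stderr instead of silence.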