Hi,
I've got several FreeNAS boxes, which I'd like to access via ssh. Both user and host keys are supposed to be 4096 bits long and of type RSA. On the user key side all is fine. Host keys are generated by FreeNAS magic upon setup and Services/SSH/Settings changes, and they are only 2048 bits long.
So I started to dig a bit and of course the rc-script can be modified to generate long RSA keys, if I insert -b 4096 into the right line. Once the old key is removed (by hand) and the rc-script is run (service openssh restart), a new key pair is in place. That's all good, but it only lasts until I touch the GUI ssh-wise. Then a different mechanism wipes my long keys and puts short ones back in place.
Can anybody please tell me what's going on here? I think the best solution would be to put a new default RSA host key length setting into some GUI element. Unfortunately I wasn't able to find such an option in the openssh docs/manuals. The only extra option I put into the GUI form is
HostKey /usr/local/etc/ssh/ssh_host_rsa_key
to convince openssh to only use RSA host keys.
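A way to confirm which host key length is actually in place after a GUI change, as an added example that is not part of the original post: it reads the modulus size straight from an ssh-rsa public key line. The .pub path beside the HostKey file and all function names are assumptions, and the sample keys it can build are constructed, not usable keys.

```python
import base64
import struct
import sys

MIN_RSA_BITS = 4096  # length the post wants for host keys
# Assumption: ssh-keygen wrote the public half next to the HostKey file.
DEFAULT_PUB = "/usr/local/etc/ssh/ssh_host_rsa_key.pub"


def read_field(blob, offset):
    """Read one length-prefixed field of the SSH wire format (RFC 4251)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end


def rsa_bits_from_pub_line(line):
    """Modulus size in bits of an 'ssh-rsa <base64> [comment]' line."""
    fields = line.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa public key line")
    blob = base64.b64decode(fields[1], validate=True)
    key_type, off = read_field(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("key type inside blob is not ssh-rsa")
    _exponent, off = read_field(blob, off)
    modulus, off = read_field(blob, off)
    return int.from_bytes(modulus, "big").bit_length()


def constructed_pub_line(bits):
    """Constructed sample line with a modulus of `bits` bits (not a real key)."""
    def mpint(value):  # leading zero byte keeps the number positive
        raw = value.to_bytes(value.bit_length() // 8 + 1, "big")
        return struct.pack(">I", len(raw)) + raw
    blob = struct.pack(">I", 7) + b"ssh-rsa" + mpint(65537) + mpint((1 << (bits - 1)) | 1)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed@example"


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_PUB
    with open(path) as fh:
        bits = rsa_bits_from_pub_line(fh.readline())
    print(f"{path}: {bits} bits")
    sys.exit(0 if bits >= MIN_RSA_BITS else 1)
```

Run after each SSH settings change, the non-zero exit status shows when a key shorter than 4096 bits has been put back.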