I've been attempting to harden the sshd config on my new FreeNAS setup (I know FreeNAS is supposed to rely on network security, but I don't trust my consumer grade router as much as I trust sshd), and one of the parameters I've tried to set, namely:
causes the daemon to fail to start, silently from the shell and with the message "The service could not be started." from the GUI. The ciphers specified are both supported as of OpenSSH 6.4, and the parameter and syntax are correct according to FreeBSD's sshd_config documentation. Adding the parameter through the WebGUI and through modifying the script that generates sshd_config manually and rebooting both fail in the same way.
Also, how can I go about limiting the Host Keys that sshd uses, and regenerating the RSA key with a 4096 bit size, given that the keys aren't stored permanently in /etc? I don't particularly feel like letting my system support 1024 bit DSA, and while I'm at it would like to up the RSA key strength.
causes the daemon to fail to start, silently from the shell and with the message "The service could not be started." from the GUI. The ciphers specified are both supported as of OpenSSH 6.4, and the parameter and syntax are correct according to FreeBSD's sshd_config documentation. Adding the parameter through the WebGUI and through modifying the script that generates sshd_config manually and rebooting both fail in the same way.
Also, how can I go about limiting the Host Keys that sshd uses, and regenerating the RSA key with a 4096 bit size, given that the keys aren't stored permanently in /etc? I don't particularly feel like letting my system support 1024 bit DSA, and while I'm at it would like to up the RSA key strength.
