Error after upgrade to 2.2-RELEASE: sshd Secure Shell Daemon doesn't start

orsomannaro

After upgrading to 2.2-RELEASE PFSEnse show this error message:

[ pfSense has started creating missing SSH keys. SSH Startup will be delayed. Please note that reloading the filter rules and changes will be delayed until this operation is completed.]

In Service Status I can see that sshd Secure Shell Daemon is stop. I tryed to restart it but without success.

Now I can't login via ssh.

I generated a new certificate from System > Cert Manager but this doesn't solve the problem.

Can somebody help me?

Thank you.

doktornotor

That's not an error and you should just wait till the keys get created as noted in the message. (System > Cert Manager is totally unrelated to SSH keys.)

orsomannaro

I suspected as much! But the message stay there for more than one week…

orsomannaro

@orsomannaro:

I suspected as much! But the message stay there for more than one week…

some help?

dallo71

I've the same issue.

I've manually generate the missing certificates

ls -la /etc/ssh
total 516
drwxr-xr-x   2 root  wheel     512 Feb  7 08:54 .
drwxr-xr-x  27 root  wheel    4608 Feb 22 22:35 ..
-rw-r--r--   1 root  wheel  242153 Jan 22 22:07 moduli
-rw-r--r--   1 root  wheel    1647 Jan 22 22:07 ssh_config
-rw-------   1 root  wheel     668 Feb  7 08:54 ssh_host_dsa_key
-rw-r--r--   1 root  wheel     612 Feb  7 08:54 ssh_host_dsa_key.pub
-rw-------   1 root  wheel     227 Feb  7 08:11 ssh_host_ecdsa_key
-rw-r--r--   1 root  wheel     184 Feb  7 08:11 ssh_host_ecdsa_key.pub
-rw-------   1 root  wheel     419 Feb  7 08:12 ssh_host_ed25519_key
-rw-r--r--   1 root  wheel     104 Feb  7 08:12 ssh_host_ed25519_key.pub
-rw-------   1 root  wheel    1675 Feb  7 08:54 ssh_host_rsa_key
-rw-r--r--   1 root  wheel     404 Feb  7 08:54 ssh_host_rsa_key.pub
-rw-r--r--   1 root  wheel     445 Feb 22 22:44 sshd_config

but using the start sshd command via web interface doesn't work

I've to start the server by the command

/usr/sbin/sshd

Any suggestion?

Thank you in advance

doktornotor

I think you should backup your config and reinstall the box from scratch. Restore config after that.

NOYB

SSHD not starting after upgrade due to certificate generation not completing seems to be a common issue.  But can usually be resolved one way or another.

https://forum.pfsense.org/index.php?topic=87548.msg481036#msg481036

orsomannaro

@dallo71:

I've manually generate the missing certificates

How can I do this?

orsomannaro

The way i solved it.

Connet to pfSense via null-modem cable and Minicom software.

Enter pfSense console.

Check ssh probelm:

  /usr/sbin/sshd

Error messages:

  Could not load host key: /etc/ssh/ssh_host_ecdsa_key
  Could not load host key: /etc/ssh/ssh_host_ed25519_key

Generate new keys:

  cd /etc/ssh
  ssh-keygen -N '' -t ecdsa -f ssh_host_ecdsa_key
  ssh-keygen -N '' -t ed25519 -f ssh_host_ed25519_key

Start ssh:

  /usr/sbin/sshd

bwlinux

Thanks orsomannaro

I was able to execute those commands via Diagnostics -> Command Prompt  and got it working again.