Netgate Discussion Forum

    Automatic Backups from previous owner

      diegus83

      Hi all, I recently bought a pre-owned SG-1100 and it is my first pfSense device. The device came with factory settings (I assume) since I was prompted to run the Setup Wizard the first time I connected.

      I have all the basics working so I decided to enable the Auto Configuration Backup. After doing so, I can see the last 100 backups made by the previous owner in the Restore tab. I understand these backups are tied to the Device Key which in turn is tied to the SSH public key and this probably means the system wasn't reinstalled but just reset to defaults. I guess this also means the previous owner could see my backup log (not the config itself) if he has saved the Device Key.

      Here is my question: Can I just generate new SSH keys and hence a new Device Key and that would be enough to stop the "cross contamination" of backup logs? Or do I have to do a clean install to get new keys?

      I know that from a security point of view a clean install is probably the way to go but I doubt the eBay seller is out to get me with a poisoned install.

      I'm comfortable with the CLI (if new keys can't be generated via the GUI).

      Thanks for your help!

        kiokoman LAYER 8 @diegus83

        @diegus83
        The SSH key files are stored inside /etc/ssh.
        You can generate new keys with:

        ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N ''
        ssh-keygen -q -N "" -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key
        

        make a backup of the files first ...
        reboot and see if the Device key changed, I have never tried
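
The steps in the reply above (back up the key files, regenerate them, check that something changed), as an added example that is not part of the original posts. The function names and the backup directory name are assumptions, and the script compares host key fingerprints only; whether the Device Key changed is still checked in the GUI after the reboot.

```shell
#!/bin/sh
# Added example (not from the thread): back up the SSH host keys, generate
# new ones, and confirm the fingerprints changed. Function names and the
# backup directory name are assumptions.

fingerprint() {
    # Print the SHA256 fingerprint of a public key file, or "none".
    if [ -f "$1" ]; then
        ssh-keygen -l -E sha256 -f "$1" | awk '{print $2}'
    else
        echo none
    fi
}

rotate_host_keys() {
    key_dir=$1
    backup_dir="$key_dir/backup.$(date +%Y%m%d%H%M%S)"
    old_ed=$(fingerprint "$key_dir/ssh_host_ed25519_key.pub")
    old_rsa=$(fingerprint "$key_dir/ssh_host_rsa_key.pub")

    # Move the old keys aside first: this is the backup, and it also keeps
    # ssh-keygen from stopping at its overwrite prompt.
    mkdir -m 700 "$backup_dir" || return 1
    for f in "$key_dir"/ssh_host_ed25519_key* "$key_dir"/ssh_host_rsa_key*; do
        if [ -e "$f" ]; then mv "$f" "$backup_dir"/ || return 1; fi
    done

    # Same key types and sizes as the commands in the reply above.
    ssh-keygen -q -t ed25519 -N '' -f "$key_dir/ssh_host_ed25519_key" || return 1
    ssh-keygen -q -t rsa -b 4096 -N '' -f "$key_dir/ssh_host_rsa_key" || return 1

    new_ed=$(fingerprint "$key_dir/ssh_host_ed25519_key.pub")
    new_rsa=$(fingerprint "$key_dir/ssh_host_rsa_key.pub")
    echo "ed25519: $old_ed -> $new_ed"
    echo "rsa:     $old_rsa -> $new_rsa"
    echo "old keys kept in $backup_dir"

    # Succeed only if both keys really changed.
    [ "$old_ed" != "$new_ed" ] && [ "$old_rsa" != "$new_rsa" ]
}

# Usage: sh rotate_host_keys.sh /etc/ssh   (then reboot, as in the thread)
if [ -n "${1:-}" ]; then
    rotate_host_keys "$1"
fi
```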
          stephenw10 Netgate Administrator

          Yes I would clean install that anyway to be sure. You really have no idea what the previous owner may or may not have done.
          Also it's always a good idea to have a copy of the reinstall image and to know you can use it. 😉

          Open a ticket with us with your NDI to get it: https://go.netgate.com/

          Steve

            diegus83

            @kiokoman For future reference, I generated new keys and as expected the Device Key changed and I could create new backups with a clean log. So now we know that seems to work.

            @stephenw10 I will do that now, thanks for the suggestion. I already know I can connect to the console via USB since I decided "I should try that now while it is not an emergency instead of when I break something and the internet stops working" 😬

            Thanks to both for your time.

              stephenw10 Netgate Administrator @diegus83

              @diegus83 said in Automatic Backups from previous owner:

              I decided "I should try that now while it is not an emergency instead of when I break something and the internet stops working"

              I approve of this decision. 😁

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.