Why would ssh keys change on a pfSense power cycle?
I just set up a virtual pfSense instance a few days ago.
I took down my ESXi server to add in a quad port Intel NIC.
pfSense at power up reported missing SSH keys and generated new ones.
At the same time the VMWare console failed to connect reporting invalid SSL.
I found a VMWare KB article that stated doing a power off and restart would regenerate the keys, which did resolve the issue.
I answered and cleared the alerts on pfSense.
My question is what would cause this chain of events that appear to have been initiated by the powercycle/hardware add on the ESXi server?
Is this normal?
Should I be concerned? This is the first time I have had an ESXi interface connected directly to the internet, and I'm still somewhat concerned this set up may not be as secure as a physical pfSense configuration.
As long as you set up the vswitch so that only the pfsense box has a LAN port on it, and its running to a dedicated esxi NIC your fine.
That's not as uncommon as you think. I run into that all the time when I work on networking chassis or firewalls, anytime I change out a line card or module it regenerates the ssh keys when it restarts.