Netgate Discussion Forum

Why would ssh keys change on a pfSense power cycle?

  • MakOwner
    last edited by Jan 14, 2017, 11:44 PM

    I just set up a virtual pfSense instance a few days ago.

    I took down my ESXi server to add in a quad port Intel NIC.
    pfSense at power up reported missing SSH keys and generated new ones.
    At the same time the VMware console failed to connect, reporting invalid SSL.

    I found a VMware KB article that stated doing a power off and restart would regenerate the keys, which did resolve the issue.
    I answered and cleared the alerts on pfSense.

    My question is what would cause this chain of events that appears to have been initiated by the power cycle/hardware add on the ESXi server?
    Is this normal?
    Should I be concerned? This is the first time I have had an ESXi interface connected directly to the internet, and I'm still somewhat concerned this setup may not be as secure as a physical pfSense configuration.

    • behemyth
      last edited by Jan 18, 2017, 1:41 AM

      As long as you set up the vSwitch so that only the pfSense box has a LAN port on it, and it's running to a dedicated ESXi NIC, you're fine.

      That's not as uncommon as you think. I run into that all the time when I work on networking chassis or firewalls; anytime I change out a line card or module, it regenerates the SSH keys when it restarts.

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.