Strange behavior on changing SSH settings



  • Hi,

    I'm configuring XG-7100 and found a strange behavior when configuring SSH. From System > Advanced > Admin Access, I did

    1. Enable Secure Shell
    2. Set SSHd Key Only from Password or Public Key to Public Key Only
    3. Change SSH port from empty to 12345
    4. Press the Save button

    At the page top I see a notification box saying:

    The changes have been applied successfully.
    One moment...redirecting to https://xx.xx.xx.xx:xxxx/system_advanced_admin.php in 20 seconds.

    The settings I just changed look fine at this point. Then 20 seconds later the page reloads and I get

    • SSH is enabled
    • SSHd Key Only is reverted to Password or Public Key
    • SSH port is now 1

    I can ssh using port 22 now and in /conf/config.xml I see the wrong port number:

                    <ssh>1</ssh>
                    <sshd>e</sshd>
    

    I'm not sure what <sshd>e</sshd> means though. If I empty the port field and press the Save button again, I get the same wrong port, 1.

    This seems like a bug in the configurator to me. Has anyone seen the same behavior or is there a workaround?

    I'm using

    • XG-7100 Desktop
    • coreboot ADI_PLCC-01.00.00.10
    • pfSense 2.4.4-RELEASE

  • Rebel Alliance Developer Netgate

    I can't seem to reproduce that here, but I have seen similar issues on other pages that depend on how the original config looked.

    When you look at config.xml backups from before that change, did the <ssh></ssh> or <sshd></sshd> tags already exist, but empty?

    I have a fix that should work but I'd like to replicate it first.


  • Rebel Alliance Developer Netgate

    I was able to replicate it with an empty tag as I suspected. I opened https://redmine.pfsense.org/issues/8974 for it and I'll have a fix in shortly.



  • Thank you, @jimp!

    Is the 2.4.5 release coming soon? Or is there a workaround for this issue for the time being?


  • Rebel Alliance Developer Netgate

    The fix will be in 2.4.4-p1 which will be coming before too long. You can apply the commits listed on the ticket linked above using the System Patches package.



  • Thank you for the info.

    I just applied the patches using the System Patches package and the configurator seems to work fine.