Can the "Auto Configuration Backup" Device Key be recovered from the CLI?
-
I've recently had a pfSense 2100 router fail due to its mmc flash card going corrupt. Or at least it appears that way. I failed to document the Device Key so that I could restore the backup at a later time from pfSense's cloud servers.
I've managed to boot the device in Single User mode and have mounted the ZFS volumes following the "Troubleshooting in Single User mode" documentation in Netgate's Docs. I know that the Device Key is "derived from the SSH public key" and I've been able to find the ssh public key on my device in /etc/ssh/ssh_host_ed25519_key.pub or /etc/ssh/ssh_host_rsa_key.pub. Can the contents of either of those files be used to recover the Device ID? Could it be stored elsewhere in CLI?
-
I'm seeing from a basic Google search that I cannot recover the device key from the CLI and that it's derived from the public ssh key but used as a sort of seed phrase to generate the device key. So, I don't see a way to recover it.
However, it also appears that the existing config along with several previous backups are found in /cf/conf/config.xml. So I should be able to grab that and restore the configuration from there.
-
@dutsnekcirf said in Can the "Auto Configuration Backup" Device Key be recovered from the CLI?:
However, it also appears that the existing config along with several previous backups are found in /cf/conf/config.xml. So I should be able to grab that and restore the configuration from there.
That is the best option, copy the /cf/conf directory off of the 2100 and restore the config (on the SSD).
-
@patient0 I just want to make sure I'm fully understanding.
My plan is to copy the entire /cf/conf directory to a usb drive. And then I'm going to follow the instructions to install an m.2 ssd into this device and reinstall pfSense following these instructions: https://docs.netgate.com/pfsense/en/latest/solutions/netgate-2100/m-2-sata-installation.html
Once the box is running a fresh new installation of pfSense, how should I copy that directory back onto the box from my usb drive? Do I need to boot back into single user mode again and just copy it in from my usb drive? Or is it easier to just use the backup/restore features in the web ui? Would I only provide the config.xml file during the restore process if I use the Web UI? Or does it somehow need all of the files found in the /cf/config directory?
Thanks!
-
@dutsnekcirf said in Can the "Auto Configuration Backup" Device Key be recovered from the CLI?:
how should I copy that directory back onto the box from my usb drive?
Install pfSense using the installer.
Accept all values 'by default', so you can go as fast as possible.
As soon as the GUI becomes alive, login, and import the latest backed up config.
Have it reboot - and during reboot it will set up your LAN 'as before' and your WAN 'as before' - and all interfaces if you had any.
Because WAN is now fully operational and you had probably some packages installed, it will fetch them, and set them up. This can take a minute or two.
When that's done, for good manner, from the GUI, do a full reboot again.
If you really want to, you can now insert the USB drive with all the files you have kept on it, mount the USB drive, and copy (/cf/conf/backup - see below) them in place.
Just keep in mind: check what happens afterwards. Normally, the files located in /cf/conf/backup/ are maintained by pfSense. Don't know what happens when you copy files in there.
The content of /cf/conf/ : don't touch / add / remove anything from that place, let pfSense handle it.
Or create a new folder below the /root/ folder, and put them there.
Or don't copy anything, keep the saved files on another place, like the USB drive, as that will be the best place: not on pfSense itself, but another device.