    Netgate Discussion Forum

    Sshd won't start after first reboot. Firstly it works for me…but then...

    2.2 Snapshot Feedback and Problems - RETIRED
    • Z
      zor1984 last edited by

      sshd won't start after first reboot. Firstly it works for me…but then... I add then remove it to "service watchdog", then sshd won't go up even through the services applet. So I removed it from watchdog (cleared the whole watchdog list). But I still can't start it again, even if I enable/disable it a few times through the web interface.  :'( I've sent a few crashes to the devs, here is the last one:

      Crash report begins.  Anonymous machine information:

      amd64
      10.1-RC3
      FreeBSD 10.1-RC3 #38 3ed8b80(releng/10.1)-dirty: Fri Oct 24 12:25:53 CDT 2014    root@pf22-amd64-snap:/usr/obj.amd64/usr/pfSensesrc/src/sys/pfSense_SMP.10

      Crash report details:

      PHP Errors:
      [25-Oct-2014 08:44:55 Europe/Moscow] PHP Parse error:  syntax error, unexpected '}' in /etc/sshd on line 130
      [25-Oct-2014 08:45:16 Europe/Moscow] PHP Fatal error:  Cannot redeclare byte_convert() (previously declared in /usr/local/pkg/phpservice.inc:52) in /usr/local/pkg/backup.inc on line 43
      [25-Oct-2014 08:48:12 Europe/Moscow] PHP Parse error:  syntax error, unexpected '}' in /etc/sshd on line 130
      [25-Oct-2014 08:48:37 Europe/Moscow] PHP Parse error:  syntax error, unexpected '}' in /etc/sshd on line 130
      [25-Oct-2014 08:56:04 Europe/Moscow] PHP Parse error:  syntax error, unexpected '}' in /etc/sshd on line 130

      Hope you can find what it is  ;D I am going to sleep now. Still, I tried most of the packages and they mostly work out for me, but any of squid  :o….nvm it is BETA, so even though I am glad to send a few crash reports. Could you implement some automatic crash sending thing in pfsense 2.2 or the next version? Because I think automatic sending is way better than manual and probably much more reliable.

      • P
        phil.davis last edited by

        /etc/sshd master version in GitHub does not look like it has any mis-matched {} pairs, and no } at line 130.
        What is actually in your /etc/sshd?
        (Diagnostics->Edit file)

        • Z
          zor1984 last edited by

          I did not edit any files, I just added some services to the installed packet called "service watchdog", then deleted all services for relaunch from the watchdog list, so it is clear right now. Maybe some of my packages can also interfere with my configs, but since I rebooted my system the first time ssh worked as intended for me. Maybe I just need to reset my box after the 2.1.5 -> 2.2 RC-3 update to fix this behaviour? Just waiting for some advice  ;D Anyway, this is a home box so no worries about it, I can switch my screen to the box any time through my D-link KVM switch and access all options locally. So if you have any ideas I will gladly listen to your tips, but I am not a professional programmer and look like a dumb cow at this code  :D

          /etc/sshd

          #!/usr/local/bin/php -f
          /*
             sshd - Modified to work on disk based system
             Copyright 2004 Scott K Ullrich
          
             Original Copyright (C) 2004 Fred Mol <fredmol@xs4all.nl>.
             All rights reserved.
          
             Redistribution and use in source and binary forms, with or without
             modification, are permitted provided that the following conditions are met:
          
             1\. Redistributions of source code must retain the above copyright notice,
                this list of conditions and the following disclaimer.
          
             2\. Redistributions in binary form must reproduce the above copyright
                notice, this list of conditions and the following disclaimer in the
                documentation and/or other materials provided with the distribution.
          
             THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
             INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
             AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
             AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
             OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
             SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
             INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
             CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
             ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
             POSSIBILITY OF SUCH DAMAGE.
          */
          
             require_once("globals.inc");
             require_once("config.inc");
             require_once("functions.inc");
             require_once("shaper.inc");
          
             if (!isset($config['system']['enablesshd'])) {
                return;
             }
          
             /* are we already running?  if not, do conf_mount_rw(), otherwise it should already be rw */
             if (!is_subsystem_dirty('sshdkeys')) {
                conf_mount_rw();
             }
          
             $keys = array(
                'ssh_host_key',
                'ssh_host_key.pub',
                'ssh_host_dsa_key',
                'ssh_host_dsa_key.pub',
                'ssh_host_rsa_key',
                'ssh_host_rsa_key.pub',
                'ssh_host_ecdsa_key',
                'ssh_host_ecdsa_key.pub',
                'ssh_host_ed25519_key',
                'ssh_host_ed25519_key.pub'
             );
          
             /* restore ssh data for nanobsd platform */
             if($g['platform'] == "nanobsd" and file_exists("/conf/sshd/ssh_host_key") and !file_exists("/etc/ssh/ssh_host_key.pub")) {
                echo "Restoring SSH from /conf/sshd/";
                exec("/bin/cp -p /conf/sshd/* /etc/ssh/");
          
                /* make sure host private key permissions aren't too open so sshd won't complain */
                foreach($keys as $f2c) {
                   if(file_exists("/etc/ssh/{$f2c}"))
                      chmod("/etc/ssh/{$f2c}", 0600);
                }
             }
          
             /*    if any of these files are 0 bytes then they are corrupted.
              *    remove them
              */
             foreach($keys as $f2c) {
                if (file_exists("/etc/ssh/{$f2c}") && filesize("/etc/ssh/{$f2c}") == 0) {
                   unlink_if_exists('/etc/ssh/ssh_host*');
                   break;
                }
             }
          
             if (!is_dir("/var/empty")) {
                /* make ssh home directory */
                mkdir("/var/empty", 0555);
             }
          
             if(!file_exists("/var/log/lastlog")) {
                /* Login related files. */
                @touch("/var/log/lastlog");
             }
          
             $sshConfigDir = "/etc/ssh";
          
             if (is_array($config['system']['ssh']) && !empty($config['system']['ssh']['port']))
                $sshport = $config['system']['ssh']['port'];
             else
                $sshport = 22;
          
             /* Include default configuration for pfSense */
             $sshconf = "# This file is automatically generated at startup\n";
             $sshconf .= "Ciphers aes128-ctr,aes256-ctr,arcfour256,arcfour,aes128-cbc,aes256-cbc\n";
             $sshconf .= "PermitRootLogin yes\n";
             $sshconf .= "Compression yes\n";
             $sshconf .= "ClientAliveInterval 30\n";
             $sshconf .= "UseDNS no\n";
             $sshconf .= "X11Forwarding no\n";
             if (isset($config['system']['ssh']['sshdkeyonly'])) {
                $sshconf .= "# Login via Key only\n";
                $sshconf .= "PasswordAuthentication no\n";
                $sshconf .= "ChallengeResponseAuthentication no\n";
                $sshconf .= "PubkeyAuthentication yes\n";
             } else {
                $sshconf .= "# Login via Key and Password\n";
                $sshconf .= "PasswordAuthentication yes\n";
                $sshconf .= "ChallengeResponseAuthentication yes\n";
                $sshconf .= "PubkeyAuthentication yes\n";
             }
             $sshconf .= "# override default of no subsystems\n";
             $sshconf .= "Subsystem       sftp    /usr/libexec/sftp-server\n";
             /* Only allow protocol 2, because we say so */
             $sshconf .= "Protocol 2\n";
             /* Run the server on another port if we have one defined */
             $sshconf .= "Port $sshport\n";
             if(file_exists("/etc/ssh/sshd_extra")){$sshconf.=file_get_contents("/etc/ssh/sshd_extra");}
             /* Hide FreeBSD version */
             $sshconf .= "VersionAddendum \n";
          
             /* Apply package SSHDCond settings if config file exists */
                $szExtra = fread($fdExtra, 1048576); // Read up to 1MB from extra file
                $sshconf .= $szExtra;
                fclose($fdExtra);
             }
          
             /* Write the new sshd config file */
             @file_put_contents("/etc/ssh/sshd_config", $sshconf);
          
             /* mop up from a badly implemented ssh keys -> cf backup */
             if($config['ssh']['dsa_key'] <> "") {
                unset($config['ssh']['dsa_key']);
                unset($config['ssh']['ecdsa_key']);
                unset($config['ssh']['ed25519_key']);
                unset($config['ssh']['rsa_key']);
                unset($config['ssh']['rsa1_key']);
                unset($config['ssh']['dsa']);
                unset($config['ssh']['rsa']);
                unset($config['ssh']['rsa1']);
                unset($config['ssh']['ak']);
                write_config("Clearing SSH keys from config.xml");
             }
          
             /* are we already running?  if so exit */
             if(is_subsystem_dirty('sshdkeys')) {
                unset($keys);
                return;
             }
          
             // Check for all needed key files. If any are missing, the keys need to be regenerated.
             $generate_keys = false;
             foreach ($keys as $f2c) {
                if (!file_exists("/etc/ssh/{$f2c}")) {
                   $generate_keys = true;
                   break;
                }
             }
          
             if ($generate_keys) {
                /* remove previous keys and regen later */
                file_notice("SSH", "{$g['product_name']} has started creating your SSH keys.  SSH Startup will be delayed.  Please note that reloading the filter rules and changes will be delayed until this operation is completed.", "SSH KeyGen", "");
                unlink_if_exists('/etc/ssh/ssh_host_*');
                mark_subsystem_dirty('sshdkeys');
                echo " Generating Keys:\n";
                $_gb = exec("/usr/bin/nice -n20 /usr/bin/ssh-keygen -t rsa1 -N '' -f $sshConfigDir/ssh_host_key");
                $_gb = exec("/usr/bin/nice -n20 /usr/bin/ssh-keygen -t rsa -N '' -f $sshConfigDir/ssh_host_rsa_key");
                $_gb = exec("/usr/bin/nice -n20 /usr/bin/ssh-keygen -t dsa -N '' -f $sshConfigDir/ssh_host_dsa_key");
                $_gb = exec("/usr/bin/nice -n20 /usr/bin/ssh-keygen -t ecdsa -N '' -f $sshConfigDir/ssh_host_ecdsa_key");
                $_gb = exec("/usr/bin/nice -n20 /usr/bin/ssh-keygen -t ed25519 -N '' -f $sshConfigDir/ssh_host_ed25519_key");
                clear_subsystem_dirty('sshdkeys');
                file_notice("SSH", "{$g['product_name']} has completed creating your SSH keys.  SSH is now started.", "SSH Startup", "");
             }
          
             /* kill existing sshd process, server only, not the childs */
             $sshd_pid = exec("ps ax | egrep '/usr/sbin/[s]shd' | awk '{print $1}'");
             if($sshd_pid <> "") {
                echo "stopping ssh process $sshd_pid \n";
                @posix_kill($sshd_pid, SIGTERM);
             }
             /* Launch new server process */
             $status = mwexec("/usr/sbin/sshd");
             if($status <> 0) {
                file_notice("sshd_startup", "SSHD failed to start.", "SSHD Daemon", "");
                echo "error!\n";
             } else {
                echo "done.\n";
             }
          
             // NanoBSD
             if($g['platform'] == "nanobsd") {
                if(!is_dir("/conf/sshd"))
                   mkdir("/conf/sshd", 0750);
                $_gb = exec("/bin/cp -p /etc/ssh/ssh_host* /conf/sshd");
             }
             conf_mount_ro();
             unset($keys);
          ?>
          
          /usr/local/pkg/phpservice.inc
          
          [code]/* $Id$ */
          /*
          /* ========================================================================== */
          /*
              phpservice.inc
              Copyright (C) 2008 Mark J Crane
              All rights reserved.
                                                                                        */
          /* ========================================================================== */
          /*
          	Redistribution and use in source and binary forms, with or without
          	modification, are permitted provided that the following conditions are met:
          
          	1\. Redistributions of source code must retain the above copyright notice,
          	   this list of conditions and the following disclaimer.
          
          	2\. Redistributions in binary form must reproduce the above copyright
          	   notice, this list of conditions and the following disclaimer in the
          	   documentation and/or other materials provided with the distribution.
          
          	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
          	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
          	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
          	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
          	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
          	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
          	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
          	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
          	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
          	POSSIBILITY OF SUCH DAMAGE.
          */
          
          if (!function_exists("pkg_is_service_running")) {
          	function pkg_is_service_running($servicename)
          	{
          	    exec("/bin/ps ax | awk '{ print $5 }'", $psout);
          	    array_shift($psout);
          	    foreach($psout as $line) {
          		$ps[] = trim(array_pop(explode(' ', array_pop(explode('/', $line)))));
          	    }
          	    if(is_service_running($servicename, $ps) or is_process_running($servicename) ) {
          		return true;
          	    }
          	    else {
          		return false;
          	    }
          	}
          }
          
          if (!function_exists("byte_convert")) {
          	function byte_convert( $bytes ) {
          	    if ($bytes<=0)
          		return '0 Byte';
          
          	    $convention=1000; //[1000->10^x|1024->2^x]
          	    $s=array('B', 'kB', 'MB', 'GB', 'TB', 'PB', 'EB', 'ZB');
          	    $e=floor(log($bytes,$convention));
          	    return round($bytes/pow($convention,$e),2).' '.$s[$e];
          	}
          }
          
          function phpservice_sync_package_php()
          {
          
            global $config; 
            if($config['installedpackages']['phpservice']['config'] != "") {
          
              conf_mount_rw();
              config_unlock();
          
          		$tmp = "		$tmp .= "\n";
          		$tmp .= "// Set time limit to indefinite execution\n";
          		$tmp .= "set_time_limit (0);\n";
          		$tmp .= "\n";
          		$tmp .= "//run this program as long as the pid file exists\n";
          		$tmp .= "\$filename = '/tmp/phpmonitor.pid';\n";
          		$tmp .= "\$fp = fopen(\$filename, 'w');\n";
          		$tmp .= "fwrite(\$fp, \"If this file is deleted then phpmonitor will stop.\");\n";
          		$tmp .= "fclose(\$fp);\n";
          		$tmp .= "unset(\$filename);\n";
          		$tmp .= "\n";
          		$tmp .= "//require_once(\"config.inc\");\n";
          		$tmp .= "//global \$config;\n";
          		$tmp .= "//\$syslogaddress = \$config['syslog']['remoteserver'];\n";
          		$tmp .= "\$syslogaddress = \"127.0.0.1\";\n";
          		$tmp .= "\$syslogport = 514;\n";
          		$tmp .= "echo \"syslog server: \".\$syslogaddress.\"\\n\";\n";
          		$tmp .= "\n";
          		$tmp .= "\n";
          		$tmp .= "\n";
          		$tmp .= "function send_to_syslog(\$syslogaddress, \$syslogport, \$syslogmsg) {\n";
          		$tmp .= "\n";
          		$tmp .= "  \$fp = fsockopen(\"udp://\".\$syslogaddress, \$syslogport, \$errno, \$errstr);\n";
          		$tmp .= "  if (!\$fp) {\n";
          		$tmp .= "      //echo \"ERROR: \$errno - \$errstr
          \\n\";\n";
          		$tmp .= "  } else {\n";
          		$tmp .= "      fwrite(\$fp, \$syslogmsg);\n";
          		$tmp .= "      fclose(\$fp);\n";
          		$tmp .= "  }\n";
          		$tmp .= "\n";
          		$tmp .= "}\n";
          		$tmp .= "\n";
          		$tmp .= "\n";
          		$tmp .= "//\$msg = \"1.begin loop. \".date('r').\"\\n\";\n";
          		$tmp .= "//\$fp = fopen('/tmp/phpmonitor.txt', 'a');\n";
          		$tmp .= "//fwrite(\$fp, \$msg.\"\\n\");\n";
          		$tmp .= "//fclose(\$fp);\n";
          		$tmp .= "\n";
          		$tmp .= "\$x = 0;\n";
          		$tmp .= "while(\$x == 0) {\n";
          		$tmp .= "\n";
          		$tmp .= "\n";
          		$tmp .= "  if(!file_exists('/tmp/phpmonitor.pid')) {\n";
          		$tmp .= "    //if the file does not exist then close the program.\n";
          		$tmp .= "    echo \"program closing\\n\";\n";
          		$tmp .= "    return;\n";
          		$tmp .= "  }\n";
          		$tmp .= "\n";
          		$tmp .= "\n";
          		$tmp .= "\n";
          
          		foreach($config['installedpackages']['phpservice']['config'] as $rowhelper) {
          			if ($rowhelper['enabled'] != "false") {
          				$tmp_php = base64_decode($rowhelper['php']);
          				if (strlen($tmp_php) > 0) {
          					$tmp .= "// name: ".$rowhelper['name']." \n";
          					$tmp .= "// description: ".$rowhelper['description']." \n\n";				      
          					$tmp .= base64_decode($rowhelper['php']);
          					$tmp .= "\n";
          				}
          			}
          
          		}
          
          		$tmp .= "\n";
          		$tmp .= "\n";
          		$tmp .= "  //usleep(100000);  //micro seconds //2 seconds 2000000\n";
          		$tmp .= "  sleep(1); //in seconds\n";
          		$tmp .= "  //if (\$x > 60){ exit; } //exit after 60 seconds for testing\n";
          		$tmp .= "} //emd while\n";
          		$tmp .= "\n";
          		$tmp .= "\n";
          		$tmp .= "?>";
          
          		$fout = fopen("/usr/local/pkg/phpservice.php","w");
          		fwrite($fout, $tmp);
          		unset($tmp);
          		fclose($fout);
          
          		conf_mount_ro();
          
            }
          }
          
          function phpservice_sync_package()
          {
          
          	global $config;   
          	phpservice_sync_package_php();
          
          }
          
          function phpservice_install_command()
          {
          
          	global $config;
          	conf_mount_rw();
          	config_lock();
          
          	if (!is_dir('/usr/local/www/packages/')) {
          	   exec("mkdir /usr/local/www/packages/");
          	}
          
          	if (!is_dir('/usr/local/www/packages/phpservice/')) {
          	   exec("mkdir /usr/local/www/packages/phpservice/");
          	}
          
          	//rename PHP files from .tmp to .php
          	exec("cp /tmp/phpservice_php.tmp /usr/local/www/packages/phpservice/phpservice_php.php");
          	unlink_if_exists("/tmp/phpservice_php.tmp");
          
          	exec("cp /tmp/phpservice_php_edit.tmp /usr/local/www/packages/phpservice/phpservice_php_edit.php");
          	unlink_if_exists("/tmp/phpservice_php_edit.tmp");
          
            //write_config();
          
          	write_rcfile(array(
          		"file" => "phpservice.sh",
          		"start" => "/usr/local/bin/php /usr/local/pkg/phpservice.php >> /var/log/phpservice.log &",
          		"stop" => "rm /tmp/phpmonitor.pid"
          		)
          	);
          
          	phpservice_sync_package();
          	//$handle = popen("/usr/local/etc/rc.d/phpservice.sh start", "r");
          	//pclose($handle);
          
          	//if (pkg_is_service_running('phpservice')) {  
          		//documentation purposes
          	//}
          
          	conf_mount_ro();
          	config_unlock();
          
          }
          
          function phpservice_deinstall_command()
          {
          
          	conf_mount_rw();
          	config_lock();
          	$handle = popen("/usr/local/etc/rc.d/phpservice.sh stop", "r");
          	unlink_if_exists("/usr/local/pkg/phpservice.xml");
          	unlink_if_exists("/usr/local/pkg/phpservice.inc");
          	unlink_if_exists("/usr/local/www/phpservice.inc");
          	unlink_if_exists("/usr/local/etc/rc.d/phpservice.sh");	
          	conf_mount_ro();
          	config_unlock();
          
          }
          
          ?>
          [/code]
          
          [img]https://i.imgur.com/klfPmOl.png[/img]
          
          [img]https://i.imgur.com/94EiFYI.png[/img]
          
          [img]https://i.imgur.com/MFznTby.png[/img]
          
          [img]https://i.imgur.com/7mezIwd.png[/img]
          
          [img]https://i.imgur.com/gDZE4vD.png[/img]
          
          • P
            phil.davis last edited by

            Your /etc/sshd file is a little different to the official distribution.

            Line 123 has been added:

               if(file_exists("/etc/ssh/sshd_extra")){$sshconf.=file_get_contents("/etc/ssh/sshd_extra");}
            
            

            And line 128 and 129 are missing:

            	if (file_exists("/etc/sshd_extra")) {
            		$fdExtra = fopen("/etc/sshd_extra", 'r');
            
            

            Those missing lines cause a missing opening "{" and thus the error about an unexpected "}" further down.
            What happened to cause this file to be edited?

            Anyway, you can fix it up again by:
            a) Go to https://raw.githubusercontent.com/pfsense/pfsense/master/etc/sshd to see the text of the file on GitHub. Select and copy the text.
            b) On the WebGUI of pfSense, Diagnostics->Edit, bring up /etc/sshd, select all the text, paste the good text from GitHub, save.

            Or upgrade to the next snapshot, that should overwrite everything, including /etc/sshd, with the correct code.

            • Z
              zor1984 last edited by

              Well, it was edited by some package interfering with ssh, I don't remember exactly what its name was. To be honest, yesterday I installed way too many packages to try them out, and then some of them made a mess of my configuration. Even resetting to factory defaults didn't help, so I tried to copy/paste the conf file from GitHub  ;D Thank you for your answers, I appreciate your help  :D

              Yapp! It's running perfectly now

              • P
                phil.davis last edited by

                It would be good to find out what package is doing the editing - because it is going to screw up with different versions of /etc/sshd
                If you have a package suspect in mind, mention it.
                Edit, add: the suspect was not hard to find - the sshdcond package has code that edits /etc/sshd
                https://github.com/pfsense/pfsense-packages/blob/master/config/sshdcond/sshdcond.inc
                The master version of /etc/sshd was modified by:
                https://github.com/pfsense/pfsense/commit/5a89049022022e98f745ccb1eba51b7f438f6fe7
                In particular, it did:

                - if(file_exists("/etc/sshd_extra"))
                - {
                + if (file_exists("/etc/sshd_extra")) {
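                Review bot: The new `if (file_exists("/etc/sshd_extra")) {` line is a style-only change as far as PHP is concerned, but it moves the opening brace onto a different line, and this thread identifies the sshdcond package as rewriting /etc/sshd in place. A reformat of a block that another component edits textually should land together with a matching update to that component, or the block should be bracketed by stable marker comments that the editor keys on instead of the code lines themselves.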
                

                That put the "{" on the same line as the "if" and made a big difference to the result of the editing done by sshdcond.

                Bug reported: https://redmine.pfsense.org/issues/3959

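The failure mode phil.davis describes, as an added example that is not part of the original posts and is not pfSense or sshdcond code: a constructed model of a line-oriented edit is run against both brace styles of the `/etc/sshd_extra` block, and a hypothetical `guarded_edit()` keeps the original file body whenever the result no longer passes `php -l`. How sshdcond actually edits the file is not shown on this page; `lint_ok()`, `line_edit()` and `guarded_edit()` are assumptions made for illustration.

```php
<?php
// Added example: not pfSense or sshdcond code. Function names are hypothetical,
// and both file bodies below are constructed from the lines quoted in the thread.

const MARKER = '/* Apply package SSHDCond settings if config file exists */';
// Replacement line as it appears in the broken /etc/sshd posted in the thread.
const ONE_LINER = 'if(file_exists("/etc/ssh/sshd_extra")){$sshconf.=file_get_contents("/etc/ssh/sshd_extra");}';

/** Syntax-check $code with `php -l`; nothing in $code is executed. */
function lint_ok(string $code): bool
{
    $tmp = tempnam(sys_get_temp_dir(), 'lint');
    file_put_contents($tmp, $code);
    exec(escapeshellarg(PHP_BINARY) . ' -l ' . escapeshellarg($tmp) . ' 2>&1', $out, $rc);
    unlink($tmp);
    return $rc === 0;
}

/**
 * Constructed model of a line-oriented edit: drop every line that mentions
 * "/etc/sshd_extra" and insert ONE_LINER above the marker comment.
 */
function line_edit(string $code): string
{
    $out = [];
    foreach (explode("\n", $code) as $line) {
        if (strpos($line, '"/etc/sshd_extra"') !== false) {
            continue;                 // removes the if-line and the fopen-line
        }
        if (strpos($line, MARKER) !== false) {
            $out[] = ONE_LINER;
        }
        $out[] = $line;
    }
    return implode("\n", $out);
}

/** Apply an edit in memory and keep it only if the result still parses. */
function guarded_edit(string $code, callable $edit): array
{
    $patched = $edit($code);
    if ($patched === $code) {
        return ['applied' => false, 'code' => $code, 'reason' => 'edit matched nothing'];
    }
    if (!lint_ok($patched)) {
        return ['applied' => false, 'code' => $code, 'reason' => 'result fails php -l'];
    }
    return ['applied' => true, 'code' => $patched, 'reason' => 'ok'];
}

// Constructed sample input: the same block in the two brace styles from the commit.
$body = <<<'EOT'
    $fdExtra = fopen("/etc/sshd_extra", 'r');
    $szExtra = fread($fdExtra, 1048576);
    $sshconf .= $szExtra;
    fclose($fdExtra);
}
EOT;
$head = "<?php\n\$sshconf = '';\n" . MARKER . "\n";
$samples = [
    'brace on its own line' => $head . 'if(file_exists("/etc/sshd_extra"))' . "\n{\n" . $body . "\n",
    'brace on the if line'  => $head . 'if (file_exists("/etc/sshd_extra")) {' . "\n" . $body . "\n",
];

foreach ($samples as $name => $code) {
    $unguarded = lint_ok(line_edit($code)) ? 'parses' : 'parse error';
    $r = guarded_edit($code, 'line_edit');
    printf("%-22s unguarded: %-11s guarded: %s\n", $name, $unguarded,
        $r['applied'] ? 'applied' : 'kept original (' . $r['reason'] . ')');
}
```

With the brace on its own line the edited file still parses only because a bare `{ ... }` block is valid PHP, while `$fdExtra` is no longer assigned, so the syntax check is a floor rather than proof that the edit was correct.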
                • Z
                  zor1984 last edited by

                  @phil.davis:

                  It would be good to find out what package is doing the editing - because it is going to screw up with different versions of /etc/sshd
                  If you have a package suspect in mind, mention it.
                  Edit, add: the suspect was not hard to find - the sshdcond package has code that edits /etc/sshd
                  https://github.com/pfsense/pfsense-packages/blob/master/config/sshdcond/sshdcond.inc
                  The master version of /etc/sshd was modified by:
                  https://github.com/pfsense/pfsense/commit/5a89049022022e98f745ccb1eba51b7f438f6fe7
                  In particular, it did:

                  - if(file_exists("/etc/sshd_extra"))
                  - {
                  + if (file_exists("/etc/sshd_extra")) {
                  

                  That put the "{" on the same line as the "if" and made a big difference to the result of the editing done by sshdcond.

                  Bug reported: https://redmine.pfsense.org/issues/3959

                  Thanks for doing it for me, I am looking into this code now trying to understand what's wrong with it  ::), seems you are right here, this package almost ruined my life yesterday  ;D

                  Yepp now I see this piece of code:

                  121 115  	/* Apply package SSHDCond settings if config file exists */ 
                  122  -	if(file_exists("/etc/sshd_extra")) 
                  123  -	{ 
                   116 +	if (file_exists("/etc/sshd_extra")) { 
                  124 117  		$fdExtra = fopen("/etc/sshd_extra", 'r'); 
                  125 118  		$szExtra = fread($fdExtra, 1048576); // Read up to 1MB from extra file 
                  126 119  		$sshconf .= $szExtra; 
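                  Review bot: In the context lines under the new `if (file_exists("/etc/sshd_extra")) {`, the result of `fopen()` is passed straight to `fread()` with no check, so a file that exists but cannot be opened gives `fread()` a false handle; test `$fdExtra` before reading. The contents are also appended to `$sshconf` verbatim, so validating the generated config (for example with `sshd -t`) before the daemon is launched would keep a bad extra file from taking SSH down.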
                  
                   
                   @@ -128,9 +121,7 @@ 
                  128 121  	} 
                  
                  

                  Thank you for reporting the bug for me. I just installed this package to try whether it extends/enhances functionality in some way, as written in the package info: "Allows to define SSH overrides for users,groups,hosts and addresses using Match in a convenient way. This package acts as an access list frontend for ssh connections", but it seems digging in alpha/beta packages is not for me to deal with. I'll try to stay out of it and use mostly released or stable packages next time  :P Even so, half of the packages I tried to install yesterday reported a missing digital signature message, so it has to be fixed sometime later when 2.2 is prepared for release. Also, my thought is to add some functionality to the package installation process: some marks that the package you want to install does not meet system requirements or can break something in the main distribution when installed  :-X or some option to hide all unstable testing packages using filtering with parameters like "platform & status", which could potentially improve performance when showing the list of packages, even though they can now be sorted by categories. Tabs are a good idea, but they are not enough here in the package manager to filter the pbi packets that you need/want to install on your system. Hope we see some changes in that way in the future.

                  • P
                    phil.davis last edited by

                    Renato committed some fixes for this today. The bug https://redmine.pfsense.org/issues/3959 is now in Feedback. Since I don't actually use this package, it is a bit hard for me to really verify that it works OK now.
                    If anyone is using sshdcond I suggest you update to latest snap and latest package version and then report back on the Redmine bug to say if it now works OK.

                    • T
                      Topper727 last edited by

                      I am having same issue.. was loving the updates in 2.2 cause ssh would run till I rebooted or lost power.  But now since no more updates as I am on 1/16 RC 64 bit and that is last I see till 2.2 release I will have to wait till 2.2 release to have ssh back and only till I reboot again ?

                      • C
                        cmb last edited by

                        @Topper727:

                        I am having same issue..

                        You're not having the same issue. This thread was about a long-ago fixed issue with SSH host key generation in some circumstances. There are no known issues along these lines since, and any that do exist wouldn't be relevant to this thread. Please start a new thread with specifics of what you're seeing, as it's definitely completely unrelated to this thread.
