Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Error after upgrade to 2.2-RELEASE: sshd Secure Shell Daemon doesn't start

    Problems Installing or Upgrading pfSense Software
    5
    10
    4.9k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • O
      orsomannaro
      last edited by

      After upgrading to 2.2-RELEASE PFSEnse show this error message:

      [ pfSense has started creating missing SSH keys. SSH Startup will be delayed. Please note that reloading the filter rules and changes will be delayed until this operation is completed.]

      In Service Status I can see that sshd Secure Shell Daemon is stop. I tryed to restart it but without success.

      Now I can't login via ssh.

      I generated a new certificate from System > Cert Manager but this doesn't solve the problem.

      Can somebody help me?

      Thank you.

      1 Reply Last reply Reply Quote 0
      • D
        doktornotor Banned
        last edited by

        That's not an error and you should just wait till the keys get created as noted in the message. (System > Cert Manager is totally unrelated to SSH keys.)

        1 Reply Last reply Reply Quote 0
        • O
          orsomannaro
          last edited by

          I suspected as much! But the message stay there for more than one week…

          1 Reply Last reply Reply Quote 0
          • O
            orsomannaro
            last edited by

            @orsomannaro:

            I suspected as much! But the message stay there for more than one week…

            some help?

            1 Reply Last reply Reply Quote 0
            • D
              dallo71
              last edited by

              I've the same issue.

              I've manually generate the missing certificates

              
              ls -la /etc/ssh
              total 516
              drwxr-xr-x   2 root  wheel     512 Feb  7 08:54 .
              drwxr-xr-x  27 root  wheel    4608 Feb 22 22:35 ..
              -rw-r--r--   1 root  wheel  242153 Jan 22 22:07 moduli
              -rw-r--r--   1 root  wheel    1647 Jan 22 22:07 ssh_config
              -rw-------   1 root  wheel     668 Feb  7 08:54 ssh_host_dsa_key
              -rw-r--r--   1 root  wheel     612 Feb  7 08:54 ssh_host_dsa_key.pub
              -rw-------   1 root  wheel     227 Feb  7 08:11 ssh_host_ecdsa_key
              -rw-r--r--   1 root  wheel     184 Feb  7 08:11 ssh_host_ecdsa_key.pub
              -rw-------   1 root  wheel     419 Feb  7 08:12 ssh_host_ed25519_key
              -rw-r--r--   1 root  wheel     104 Feb  7 08:12 ssh_host_ed25519_key.pub
              -rw-------   1 root  wheel    1675 Feb  7 08:54 ssh_host_rsa_key
              -rw-r--r--   1 root  wheel     404 Feb  7 08:54 ssh_host_rsa_key.pub
              -rw-r--r--   1 root  wheel     445 Feb 22 22:44 sshd_config
              
              

              but using the start sshd command via web interface doesn't work

              I've to start the server by the command

              
              /usr/sbin/sshd
              
              

              Any suggestion?

              Thank you in advance

              1 Reply Last reply Reply Quote 0
              • D
                doktornotor Banned
                last edited by

                I think you should backup your config and reinstall the box from scratch. Restore config after that.

                1 Reply Last reply Reply Quote 0
                • N
                  NOYB
                  last edited by

                  SSHD not starting after upgrade due to certificate generation not completing seems to be a common issue.  But can usually be resolved one way or another.

                  https://forum.pfsense.org/index.php?topic=87548.msg481036#msg481036

                  1 Reply Last reply Reply Quote 0
                  • O
                    orsomannaro
                    last edited by

                    @dallo71:

                    I've manually generate the missing certificates

                    How can I do this?

                    1 Reply Last reply Reply Quote 0
                    • O
                      orsomannaro
                      last edited by

                      The way i solved it.

                      Connet to pfSense via null-modem cable and Minicom software.

                      Enter pfSense console.

                      Check ssh probelm:

                      
                        /usr/sbin/sshd
                      
                      

                      Error messages:

                      
                        Could not load host key: /etc/ssh/ssh_host_ecdsa_key
                        Could not load host key: /etc/ssh/ssh_host_ed25519_key
                      
                      

                      Generate new keys:

                      
                        cd /etc/ssh
                        ssh-keygen -N '' -t ecdsa -f ssh_host_ecdsa_key
                        ssh-keygen -N '' -t ed25519 -f ssh_host_ed25519_key
                      
                      

                      Start ssh:

                      
                        /usr/sbin/sshd
                      
                      
                      1 Reply Last reply Reply Quote 1
                      • B
                        bwlinux
                        last edited by

                        Thanks orsomannaro

                        I was able to execute those commands via Diagnostics -> Command Prompt  and got it working again.

                        1 Reply Last reply Reply Quote 0
                        • M manicmoose referenced this topic on
                        • K KrypticKahos referenced this topic on
                        • E e-1-1 referenced this topic on
                        • E e-1-1 referenced this topic on
                        • E e-1-1 referenced this topic on
                        • E e-1-1 referenced this topic on
                        • E e-1-1 referenced this topic on
                        • G gwabber referenced this topic on
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.