Error after upgrade to 2.2-RELEASE: sshd Secure Shell Daemon doesn't start

  • After upgrading to 2.2-RELEASE PFSEnse show this error message:

    [ pfSense has started creating missing SSH keys. SSH Startup will be delayed. Please note that reloading the filter rules and changes will be delayed until this operation is completed.]

    In Service Status I can see that sshd Secure Shell Daemon is stop. I tryed to restart it but without success.

    Now I can't login via ssh.

    I generated a new certificate from System > Cert Manager but this doesn't solve the problem.

    Can somebody help me?

    Thank you.

  • Banned

    That's not an error and you should just wait till the keys get created as noted in the message. (System > Cert Manager is totally unrelated to SSH keys.)

  • I suspected as much! But the message stay there for more than one week…

  • @orsomannaro:

    I suspected as much! But the message stay there for more than one week…

    some help?

  • I've the same issue.

    I've manually generate the missing certificates

    ls -la /etc/ssh
    total 516
    drwxr-xr-x   2 root  wheel     512 Feb  7 08:54 .
    drwxr-xr-x  27 root  wheel    4608 Feb 22 22:35 ..
    -rw-r--r--   1 root  wheel  242153 Jan 22 22:07 moduli
    -rw-r--r--   1 root  wheel    1647 Jan 22 22:07 ssh_config
    -rw-------   1 root  wheel     668 Feb  7 08:54 ssh_host_dsa_key
    -rw-r--r--   1 root  wheel     612 Feb  7 08:54
    -rw-------   1 root  wheel     227 Feb  7 08:11 ssh_host_ecdsa_key
    -rw-r--r--   1 root  wheel     184 Feb  7 08:11
    -rw-------   1 root  wheel     419 Feb  7 08:12 ssh_host_ed25519_key
    -rw-r--r--   1 root  wheel     104 Feb  7 08:12
    -rw-------   1 root  wheel    1675 Feb  7 08:54 ssh_host_rsa_key
    -rw-r--r--   1 root  wheel     404 Feb  7 08:54
    -rw-r--r--   1 root  wheel     445 Feb 22 22:44 sshd_config

    but using the start sshd command via web interface doesn't work

    I've to start the server by the command


    Any suggestion?

    Thank you in advance

  • Banned

    I think you should backup your config and reinstall the box from scratch. Restore config after that.

  • SSHD not starting after upgrade due to certificate generation not completing seems to be a common issue.  But can usually be resolved one way or another.

  • @dallo71:

    I've manually generate the missing certificates

    How can I do this?

  • The way i solved it.

    Connet to pfSense via null-modem cable and Minicom software.

    Enter pfSense console.

    Check ssh probelm:


    Error messages:

      Could not load host key: /etc/ssh/ssh_host_ecdsa_key
      Could not load host key: /etc/ssh/ssh_host_ed25519_key

    Generate new keys:

      cd /etc/ssh
      ssh-keygen -N '' -t ecdsa -f ssh_host_ecdsa_key
      ssh-keygen -N '' -t ed25519 -f ssh_host_ed25519_key

    Start ssh:


  • Thanks orsomannaro

    I was able to execute those commands via Diagnostics -> Command Prompt  and got it working again.