Error after upgrade to 2.2-RELEASE: sshd Secure Shell Daemon doesn't start


  • After upgrading to 2.2-RELEASE, pfSense shows this error message:

    [ pfSense has started creating missing SSH keys. SSH Startup will be delayed. Please note that reloading the filter rules and changes will be delayed until this operation is completed.]

    In Service Status I can see that sshd Secure Shell Daemon is stopped. I tried to restart it but without success.

    Now I can't login via ssh.

    I generated a new certificate from System > Cert Manager but this doesn't solve the problem.

    Can somebody help me?

    Thank you.

  • Banned

    That's not an error and you should just wait till the keys get created as noted in the message. (System > Cert Manager is totally unrelated to SSH keys.)


  • I suspected as much! But the message has stayed there for more than one week…


  • @orsomannaro:

    I suspected as much! But the message has stayed there for more than one week…

    some help?


  • I've the same issue.

    I've manually generated the missing certificates

    
    ls -la /etc/ssh
    total 516
    drwxr-xr-x   2 root  wheel     512 Feb  7 08:54 .
    drwxr-xr-x  27 root  wheel    4608 Feb 22 22:35 ..
    -rw-r--r--   1 root  wheel  242153 Jan 22 22:07 moduli
    -rw-r--r--   1 root  wheel    1647 Jan 22 22:07 ssh_config
    -rw-------   1 root  wheel     668 Feb  7 08:54 ssh_host_dsa_key
    -rw-r--r--   1 root  wheel     612 Feb  7 08:54 ssh_host_dsa_key.pub
    -rw-------   1 root  wheel     227 Feb  7 08:11 ssh_host_ecdsa_key
    -rw-r--r--   1 root  wheel     184 Feb  7 08:11 ssh_host_ecdsa_key.pub
    -rw-------   1 root  wheel     419 Feb  7 08:12 ssh_host_ed25519_key
    -rw-r--r--   1 root  wheel     104 Feb  7 08:12 ssh_host_ed25519_key.pub
    -rw-------   1 root  wheel    1675 Feb  7 08:54 ssh_host_rsa_key
    -rw-r--r--   1 root  wheel     404 Feb  7 08:54 ssh_host_rsa_key.pub
    -rw-r--r--   1 root  wheel     445 Feb 22 22:44 sshd_config
    
    

    but using the start sshd command via the web interface doesn't work

    I have to start the server with the command

    
    /usr/sbin/sshd
    
    

    Any suggestion?

    Thank you in advance

  • Banned

    I think you should back up your config and reinstall the box from scratch. Restore config after that.


  • SSHD not starting after upgrade due to certificate generation not completing seems to be a common issue, but it can usually be resolved one way or another.

    https://forum.pfsense.org/index.php?topic=87548.msg481036#msg481036


  • @dallo71:

    I've manually generated the missing certificates

    How can I do this?


  • The way I solved it.

    Connect to pfSense via null-modem cable and Minicom software.

    Enter pfSense console.

    Check ssh problem:

    
      /usr/sbin/sshd
    
    

    Error messages:

    
      Could not load host key: /etc/ssh/ssh_host_ecdsa_key
      Could not load host key: /etc/ssh/ssh_host_ed25519_key
    
    

    Generate new keys:

    
      cd /etc/ssh
      ssh-keygen -N '' -t ecdsa -f ssh_host_ecdsa_key
      ssh-keygen -N '' -t ed25519 -f ssh_host_ed25519_key
    
    

    Start ssh:

    
      /usr/sbin/sshd
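
The steps in the post above (find the host keys sshd cannot load, regenerate only those, start sshd), as an added example that is not part of the original post or of pfSense. The `KEY_TYPES` list, the `--fix` argument and the function names are assumptions of this example; match the key types to the `HostKey` lines in your own `sshd_config`.

```shell
#!/bin/sh
# Added example, not from the thread. KEY_TYPES is an assumed default list.
KEY_TYPES="${KEY_TYPES:-rsa ecdsa ed25519}"

# Print every key type whose private host key in directory $1 is missing or
# empty, i.e. the ones sshd reports as "Could not load host key".
missing_host_keys() {
    dir=$1
    for t in $KEY_TYPES; do
        if [ ! -s "$dir/ssh_host_${t}_key" ]; then
            echo "$t"
        fi
    done
}

# Generate only the missing keys. Intact keys are left alone so clients that
# already trust the host do not get a host-key-changed warning for them.
regen_host_keys() {
    dir=$1
    for t in $(missing_host_keys "$dir"); do
        key="$dir/ssh_host_${t}_key"
        rm -f "$key" "$key.pub"     # remove an empty or half-written pair
        ssh-keygen -q -N '' -t "$t" -f "$key" || return 1
        chmod 600 "$key"            # private key readable by root only
        chmod 644 "$key.pub"
        ssh-keygen -l -f "$key.pub" # fingerprint to verify on first reconnect
    done
}

# Usage: sh fix_hostkeys.sh --fix [/etc/ssh]
if [ "${1:-}" = "--fix" ]; then
    dir="${2:-/etc/ssh}"
    # sshd -t validates the configuration and keys without starting the daemon.
    regen_host_keys "$dir" && /usr/sbin/sshd -t && echo "host keys and sshd_config OK"
fi
```

Record the printed fingerprints and compare them with what the SSH client shows on the next connection, since any regenerated key is new to every client.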
    
    

  • Thanks orsomannaro

    I was able to execute those commands via Diagnostics -> Command Prompt  and got it working again.