Error after upgrade to 2.2-RELEASE: sshd Secure Shell Daemon doesn't start

orsomannaro · Feb 6, 2015, 11:20 AM

After upgrading to 2.2-RELEASE PFSEnse show this error message:

[ pfSense has started creating missing SSH keys. SSH Startup will be delayed. Please note that reloading the filter rules and changes will be delayed until this operation is completed.]

In Service Status I can see that sshd Secure Shell Daemon is stop. I tryed to restart it but without success.

Now I can't login via ssh.

I generated a new certificate from System > Cert Manager but this doesn't solve the problem.

Can somebody help me?

Thank you.

doktornotor · Feb 6, 2015, 11:39 AM

That's not an error and you should just wait till the keys get created as noted in the message. (System > Cert Manager is totally unrelated to SSH keys.)

orsomannaro · Feb 6, 2015, 1:44 PM

I suspected as much! But the message stay there for more than one week…

orsomannaro · Feb 10, 2015, 2:17 PM

@orsomannaro:

I suspected as much! But the message stay there for more than one week…

some help?

dallo71 · Feb 22, 2015, 10:05 PM

I've the same issue.

I've manually generate the missing certificates


ls -la /etc/ssh
total 516
drwxr-xr-x   2 root  wheel     512 Feb  7 08:54 .
drwxr-xr-x  27 root  wheel    4608 Feb 22 22:35 ..
-rw-r--r--   1 root  wheel  242153 Jan 22 22:07 moduli
-rw-r--r--   1 root  wheel    1647 Jan 22 22:07 ssh_config
-rw-------   1 root  wheel     668 Feb  7 08:54 ssh_host_dsa_key
-rw-r--r--   1 root  wheel     612 Feb  7 08:54 ssh_host_dsa_key.pub
-rw-------   1 root  wheel     227 Feb  7 08:11 ssh_host_ecdsa_key
-rw-r--r--   1 root  wheel     184 Feb  7 08:11 ssh_host_ecdsa_key.pub
-rw-------   1 root  wheel     419 Feb  7 08:12 ssh_host_ed25519_key
-rw-r--r--   1 root  wheel     104 Feb  7 08:12 ssh_host_ed25519_key.pub
-rw-------   1 root  wheel    1675 Feb  7 08:54 ssh_host_rsa_key
-rw-r--r--   1 root  wheel     404 Feb  7 08:54 ssh_host_rsa_key.pub
-rw-r--r--   1 root  wheel     445 Feb 22 22:44 sshd_config

but using the start sshd command via web interface doesn't work

I've to start the server by the command


/usr/sbin/sshd

Any suggestion?

Thank you in advance

doktornotor · Feb 22, 2015, 10:06 PM

I think you should backup your config and reinstall the box from scratch. Restore config after that.

NOYB · Feb 22, 2015, 11:10 PM

SSHD not starting after upgrade due to certificate generation not completing seems to be a common issue. But can usually be resolved one way or another.

https://forum.pfsense.org/index.php?topic=87548.msg481036#msg481036

orsomannaro · Feb 23, 2015, 7:39 AM

@dallo71:

I've manually generate the missing certificates

How can I do this?

orsomannaro · Feb 23, 2015, 9:46 AM

The way i solved it.

Connet to pfSense via null-modem cable and Minicom software.

Enter pfSense console.

Check ssh probelm:


  /usr/sbin/sshd

Error messages:


  Could not load host key: /etc/ssh/ssh_host_ecdsa_key
  Could not load host key: /etc/ssh/ssh_host_ed25519_key

Generate new keys:


  cd /etc/ssh
  ssh-keygen -N '' -t ecdsa -f ssh_host_ecdsa_key
  ssh-keygen -N '' -t ed25519 -f ssh_host_ed25519_key

Start ssh:


  /usr/sbin/sshd

bwlinux · Dec 22, 2015, 5:00 PM

Thanks orsomannaro

I was able to execute those commands via Diagnostics -> Command Prompt and got it working again.