Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Error after upgrade to 2.2-RELEASE: sshd Secure Shell Daemon doesn't start

    Installation and Upgrades
    5
    10
    2746
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • O
      orsomannaro last edited by

      After upgrading to 2.2-RELEASE PFSEnse show this error message:

      [ pfSense has started creating missing SSH keys. SSH Startup will be delayed. Please note that reloading the filter rules and changes will be delayed until this operation is completed.]

      In Service Status I can see that sshd Secure Shell Daemon is stop. I tryed to restart it but without success.

      Now I can't login via ssh.

      I generated a new certificate from System > Cert Manager but this doesn't solve the problem.

      Can somebody help me?

      Thank you.

      1 Reply Last reply Reply Quote 0
      • D
        doktornotor Banned last edited by

        That's not an error and you should just wait till the keys get created as noted in the message. (System > Cert Manager is totally unrelated to SSH keys.)

        1 Reply Last reply Reply Quote 0
        • O
          orsomannaro last edited by

          I suspected as much! But the message stay there for more than one week…

          1 Reply Last reply Reply Quote 0
          • O
            orsomannaro last edited by

            @orsomannaro:

            I suspected as much! But the message stay there for more than one week…

            some help?

            1 Reply Last reply Reply Quote 0
            • D
              dallo71 last edited by

              I've the same issue.

              I've manually generate the missing certificates

              
              ls -la /etc/ssh
              total 516
              drwxr-xr-x   2 root  wheel     512 Feb  7 08:54 .
              drwxr-xr-x  27 root  wheel    4608 Feb 22 22:35 ..
              -rw-r--r--   1 root  wheel  242153 Jan 22 22:07 moduli
              -rw-r--r--   1 root  wheel    1647 Jan 22 22:07 ssh_config
              -rw-------   1 root  wheel     668 Feb  7 08:54 ssh_host_dsa_key
              -rw-r--r--   1 root  wheel     612 Feb  7 08:54 ssh_host_dsa_key.pub
              -rw-------   1 root  wheel     227 Feb  7 08:11 ssh_host_ecdsa_key
              -rw-r--r--   1 root  wheel     184 Feb  7 08:11 ssh_host_ecdsa_key.pub
              -rw-------   1 root  wheel     419 Feb  7 08:12 ssh_host_ed25519_key
              -rw-r--r--   1 root  wheel     104 Feb  7 08:12 ssh_host_ed25519_key.pub
              -rw-------   1 root  wheel    1675 Feb  7 08:54 ssh_host_rsa_key
              -rw-r--r--   1 root  wheel     404 Feb  7 08:54 ssh_host_rsa_key.pub
              -rw-r--r--   1 root  wheel     445 Feb 22 22:44 sshd_config
              
              

              but using the start sshd command via web interface doesn't work

              I've to start the server by the command

              
              /usr/sbin/sshd
              
              

              Any suggestion?

              Thank you in advance

              1 Reply Last reply Reply Quote 0
              • D
                doktornotor Banned last edited by

                I think you should backup your config and reinstall the box from scratch. Restore config after that.

                1 Reply Last reply Reply Quote 0
                • N
                  NOYB last edited by

                  SSHD not starting after upgrade due to certificate generation not completing seems to be a common issue.  But can usually be resolved one way or another.

                  https://forum.pfsense.org/index.php?topic=87548.msg481036#msg481036

                  1 Reply Last reply Reply Quote 0
                  • O
                    orsomannaro last edited by

                    @dallo71:

                    I've manually generate the missing certificates

                    How can I do this?

                    1 Reply Last reply Reply Quote 0
                    • O
                      orsomannaro last edited by

                      The way i solved it.

                      Connet to pfSense via null-modem cable and Minicom software.

                      Enter pfSense console.

                      Check ssh probelm:

                      
                        /usr/sbin/sshd
                      
                      

                      Error messages:

                      
                        Could not load host key: /etc/ssh/ssh_host_ecdsa_key
                        Could not load host key: /etc/ssh/ssh_host_ed25519_key
                      
                      

                      Generate new keys:

                      
                        cd /etc/ssh
                        ssh-keygen -N '' -t ecdsa -f ssh_host_ecdsa_key
                        ssh-keygen -N '' -t ed25519 -f ssh_host_ed25519_key
                      
                      

                      Start ssh:

                      
                        /usr/sbin/sshd
                      
                      
                      1 Reply Last reply Reply Quote 0
                      • B
                        bwlinux last edited by

                        Thanks orsomannaro

                        I was able to execute those commands via Diagnostics -> Command Prompt  and got it working again.

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post

                        Products

                        • Platform Overview
                        • TNSR
                        • pfSense
                        • Appliances

                        Services

                        • Training
                        • Professional Services

                        Support

                        • Subscription Plans
                        • Contact Support
                        • Product Lifecycle
                        • Documentation

                        News

                        • Media Coverage
                        • Press
                        • Events

                        Resources

                        • Blog
                        • FAQ
                        • Find a Partner
                        • Resource Library
                        • Security Information

                        Company

                        • About Us
                        • Careers
                        • Partners
                        • Contact Us
                        • Legal
                        Our Mission

                        We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                        Subscribe to our Newsletter

                        Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                        © 2021 Rubicon Communications, LLC | Privacy Policy