Sshd not starting after upgrade from 2.1.5 to 2.2.1



  • I upgraded from 2.1.5 to 2.2.1 and after doing that I'm unable to start sshd service.

    I got the notification:
    [ pfSense has started creating missing SSH keys. SSH Startup will be delayed. Please note that reloading the filter rules and changes will be delayed until this operation is completed.]
    but even after a while the sshd still can not be started.

    Does anyone know how to fix this?

    Regards.



  • Tried rebooting?



  • @kejianshi:

    Tried rebooting?

    After rebooting i'm again receiving the same notification ([ pfSense has started creating missing SSH keys. SSH Startup will be delayed. Please note that reloading the filter rules and changes will be delayed until this operation is completed.]) like new keys are being generated again but the sshd service can't be started.



  • What packages are you running?



  • @kejianshi:

    What packages are you running?

    Lightsquid
    Open-VM-Tools
    OpenVPN Client Export Utility
    squid
    squidGuard - This one also doesn't work



  • Assuming you have a backup, I'd uninstall all the packages and then reboot.

    Then restore the configuration IF the problem goes away.

    Otherwise, consider a full complete wipe and install.

    BTW - Is this a small headless install on a alix or something like that?



  • @kejianshi:

    Assuming you have a backup, I'd uninstall all the packages and then reboot.

    Then restore the configuration IF the problem goes away.

    Otherwise, consider a full complete wipe and install.

    BTW - Is this a small headless install on a alix or something like that?

    This is a virtual machine and I also have a snapshot from before the upgrade so I can go back and upgrade again (already tried this several times).

    Can you please elaborate on the procedure? Do you want me to go back to 2.1.5, make a backup, upgrade, uninstall all the packages, reboot and then restore the backup from 2.1.5?



  • Well - First of all, this has never happened to me, however, I'm just saying that either removing all the packages and rebooting or doing a clean install with 2.2.1 and then reboot may help (MAY).  If it doesn't hang again then restore your configuration from backup and see what happens.



  • There were several problems with the upgrade and in case someone else has them this is how I got them fixed.

    -squid would not start. This could be fixed by adding following lines:
    ln -s /usr/lib/libssl.so.7 /usr/lib/libssl.so.6
    ln -s /lib/libcrypto.so.7 /lib/libcrypto.so.6
    ln -s /lib/libz.so.6 /lib/libz.so.5

    -sshd would not start with the error I described earlier
    -squid guard would not start

    So since there was no way to fix the upgraded installation I did a fresh install of pfsense 2.2.1 and then imported the backup done on the 2.1.5 system. After that the new system works well and all the services are running normally.


  • Banned

    No no no no no… please stop producing similar broken symlinks.



  • @doktornotor:

    No no no no no… please stop producing similar broken symlinks.

    Not sure what you mean but the only way for me to start the squid after the upgrade was to add those symlinks.
    When I did a clean install there was no such problem.


  • Banned

    @morphmkd:

    When I did a clean install there was no such problem.

    Yes. And that is exactly why it's a bad idea. These manual hacks get forgotten and cause breakage later on. (Especially with the PBI packaging junk.)



  • @morphmkd:

    This is a virtual machine and I also have a snapshot from before the upgrade so I can go back and upgrade again (already tried this several times).

    Can you please elaborate on the procedure? Do you want me to go back to 2.1.5, make a backup, upgrade, uninstall all the packages, reboot and then restore the backup from 2.1.5?

    I'm also running a couple of pfSense instances as VMs.

    I never upgrade in-place. I'm always just taking a config backup of the running pfSense, creating a brand new virtual machine with the same parameters (similar NICs in the same networks), doing a completely fresh install from scratch with the new version, adding a temporary IP address to the LAN port just to access the default web interface, restore the config taken from the previous version. While it reboots, I just disconnect the NICs of the old VM from the network, and have the new one running in place of it.

    This way, I have an instantly running copy of pfSense running the previous version, no more than a NIC connection away.

    PS: I'm also running NanoBSD images in virtual machines, just to be on the paranoid side, but that's just my problem LOL.



  • @robi:

    @morphmkd:

    This is a virtual machine and I also have a snapshot from before the upgrade so I can go back and upgrade again (already tried this several times).

    Can you please elaborate on the procedure? Do you want me to go back to 2.1.5, make a backup, upgrade, uninstall all the packages, reboot and then restore the backup from 2.1.5?

    I'm also running a couple of pfSense instances as VMs.

    I never upgrade in-place. I'm always just taking a config backup of the running pfSense, creating a brand new virtual machine with the same parameters (similar NICs in the same networks), doing a completely fresh install from scratch with the new version, adding a temporary IP address to the LAN port just to access the default web interface, restore the config taken from the previous version. While it reboots, I just disconnect the NICs of the old VM from the network, and have the new one running in place of it.

    This way, I have an instantly running copy of pfSense running the previous version, no more than a NIC connection away.

    Yes, that's exactly what I ended up doing. :)


Log in to reply