2.2.3 SSH keys not generated on install



  • I have read the thread on missing SSH keys after an upgrade - I don't have that, I have done a clean install.  Here is the thread:
    https://forum.pfsense.org/index.php?topic=87750.msg482764#msg482764

    When I enable SSHD in the GUI, I get an error that the system is generating missing SSH keys - only after several hours, no keys.  This is on a Dell R630 server with two "Intel(R) Xeon(R) CPU E5-2680 v3 @ 2.50 GHz" CPUs - so key generation should NOT be slow.
    If I run /usr/sbin/sshd from the command prompt, I get this:

    Could not load host key: /etc/ssh/ssh_host_rsa_key
    Could not load host key: /etc/ssh/ssh_host_dsa_key
    Could not load host key: /etc/ssh/ssh_host_ecdsa_key
    Could not load host key: /etc/ssh/ssh_host_ed25519_key
    Disabling protocol version 2. Could not load host key
    sshd: no hostkeys available -- exiting.
    

    Now, if I manually generate the missing keys, they generate and I can ssh in, but the keys don't survive a reboot.
    Logs are useless because they are empty - as in, blank.  There is NOTHING in them, not just nothing pertaining to sshd, but nothing at all.

    Is there a script I can look at that is supposed to generate ssh keys on the firewall?  I'm not sure where this all went wrong, this is a new install, and no matter how many times I re-load from scratch, reformat the SD cards it has for storage, the same thing keeps happening.  Need help troubleshooting this, not sure how or why the keys would not survive a reboot - it's almost like the disc is in volatile memory, but it isn't…



  • The generation of the keys takes literally a few seconds, less than 10.  I don't have any experience with the various appliances, but I would first try a different SD card if possible just to rule that out.



  • Thanks.  We SHOULD have the cables we need tomorrow morning to hook this up with a pair of SSDs in raid0.  We did swap the two SD cards around and re-install /reformat, so if one is bad, so is the other.  They are in a raid 0 set right now too.

    This has been very frustrating :)  I just manually created the keys (again) and am rebooting (again) to see if anything I've done changes the situation.



  • So bizarre.  I've never seen anything like it.





  • May be related to that rw/ro mount thing of NanoBSD on 2.2.3…



  • Yes, I saw that in the release blog post for 2.2.4.  Putting in SSDs fixed all the problems instantly.  What is interesting is we are NOT running nanobsd - perhaps something about the SD cards is similar enough between the nanobsd and FreeBSD that I had the same issue.  It was very strange.  At this point, we simply ordered SSDs to run this setup with, and the test system that had the SD cards has gone back to the vendor, so I won't be able to re-test 2.2.4 with the same setup.


  • @snm777:

    perhaps something about the SD cards is similar enough between the nanobsd and FreeBSD

    That something "similar enough" is the UFS filesystem with the SU+J disaster "feature". (It was turned off on nano in 2.2.4 because it's completely unusable with slow media.)