
Author Topic: sshd wont start after first reboot. firstly it works for me...but then...  (Read 4890 times)


Offline zor1984

  • Newbie
  • *
  • Posts: 20
  • Karma: +2/-0
    • View Profile
sshd won't start after the first reboot. At first it works for me... but then... I add it to, then remove it from, "service watchdog", and then sshd won't come up, even through the services applet. So I removed it from watchdog (cleared the whole watchdog list). But I still can't start it again, even if I enable/disable it a few times through the web interface.  :'( I've sent a few crash reports to the devs; here is the last one:

Crash report begins.  Anonymous machine information:

amd64
10.1-RC3
FreeBSD 10.1-RC3 #38 3ed8b80(releng/10.1)-dirty: Fri Oct 24 12:25:53 CDT 2014     root@pf22-amd64-snap:/usr/obj.amd64/usr/pfSensesrc/src/sys/pfSense_SMP.10

Crash report details:

PHP Errors:
[25-Oct-2014 08:44:55 Europe/Moscow] PHP Parse error:  syntax error, unexpected '}' in /etc/sshd on line 130
[25-Oct-2014 08:45:16 Europe/Moscow] PHP Fatal error:  Cannot redeclare byte_convert() (previously declared in /usr/local/pkg/phpservice.inc:52) in /usr/local/pkg/backup.inc on line 43
[25-Oct-2014 08:48:12 Europe/Moscow] PHP Parse error:  syntax error, unexpected '}' in /etc/sshd on line 130
[25-Oct-2014 08:48:37 Europe/Moscow] PHP Parse error:  syntax error, unexpected '}' in /etc/sshd on line 130
[25-Oct-2014 08:56:04 Europe/Moscow] PHP Parse error:  syntax error, unexpected '}' in /etc/sshd on line 130

Hope you can find what it is  ;D I am going to sleep now. Still, I tried most of the packages and they mostly work out for me, but any of squid  :o....nvm it is BETA, so even so I'm glad to send a few crash reports. Could you implement some automatic crash sending thing in pfSense 2.2 or the next version? Because I think automatic sending is way better than manual and probably much more reliable.
« Last Edit: October 25, 2014, 11:21:38 am by zor1984 »

Offline phil.davis

  • Hero Member
  • *****
  • Posts: 4612
  • Karma: +550/-3
    • View Profile
    • International Nepal Fellowship
/etc/sshd master version in GitHub does not look like it has any mis-matched {} pairs, and no } at line 130.
What is actually in your /etc/sshd?
(Diagnostics->Edit file)
As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

Offline zor1984

I did not edit any files, I just added some services to the installed package called "service watchdog", then deleted all the services to relaunch from the watchdog list, so it is clear right now. Maybe some of my packages can also interfere with my configs, but since I reboot my system first time ssh work as intended for me. Maybe I just need to reset my box after the 2.1.5 -> 2.2 RC-3 update to fix this behaviour? Just waiting for some advice  ;D Anyway, this is a home box so no worries about it; I can switch my screen to the box at any time through my D-link KVM switch and access all options locally. So if you have any ideas I will gladly listen to your tips, but I am not a professional programmer and look like a dumb cow at this code  :D

/etc/sshd

Code: [Select]
#!/usr/local/bin/php -f
<?php
/*
   sshd - Modified to work on disk based system
   Copyright 2004 Scott K Ullrich

   Original Copyright (C) 2004 Fred Mol <fredmol@xs4all.nl>.
   All rights reserved.

   Redistribution and use in source and binary forms, with or without
   modification, are permitted provided that the following conditions are met:

   1. Redistributions of source code must retain the above copyright notice,
      this list of conditions and the following disclaimer.

   2. Redistributions in binary form must reproduce the above copyright
      notice, this list of conditions and the following disclaimer in the
      documentation and/or other materials provided with the distribution.

   THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
   INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
   AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
   AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
   OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
   SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
   INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
   CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
   ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
   POSSIBILITY OF SUCH DAMAGE.
*/

   
   require_once("globals.inc");
   require_once("config.inc");
   require_once("functions.inc");
   require_once("shaper.inc");

   if (!isset($config['system']['enablesshd'])) {
      return;
   }

   /* are we already running?  if not, do conf_mount_rw(), otherwise it should already be rw */
   if (!is_subsystem_dirty('sshdkeys')) {
      conf_mount_rw();
   }

   $keys = array(
      'ssh_host_key',
      'ssh_host_key.pub',
      'ssh_host_dsa_key',
      'ssh_host_dsa_key.pub',
      'ssh_host_rsa_key',
      'ssh_host_rsa_key.pub',
      'ssh_host_ecdsa_key',
      'ssh_host_ecdsa_key.pub',
      'ssh_host_ed25519_key',
      'ssh_host_ed25519_key.pub'
   );

   /* restore ssh data for nanobsd platform */
   if($g['platform'] == "nanobsd" and file_exists("/conf/sshd/ssh_host_key") and !file_exists("/etc/ssh/ssh_host_key.pub")) {
      echo "Restoring SSH from /conf/sshd/";
      exec("/bin/cp -p /conf/sshd/* /etc/ssh/");

      /* make sure host private key permissions aren't too open so sshd won't complain */
      foreach($keys as $f2c) {
         if(file_exists("/etc/ssh/{$f2c}"))
            chmod("/etc/ssh/{$f2c}", 0600);
      }
   }

   /*    if any of these files are 0 bytes then they are corrupted.
    *    remove them
    */
   foreach($keys as $f2c) {
      if (file_exists("/etc/ssh/{$f2c}") && filesize("/etc/ssh/{$f2c}") == 0) {
         unlink_if_exists('/etc/ssh/ssh_host*');
         break;
      }
   }

   if (!is_dir("/var/empty")) {
      /* make ssh home directory */
      mkdir("/var/empty", 0555);
   }

   if(!file_exists("/var/log/lastlog")) {
      /* Login related files. */
      @touch("/var/log/lastlog");
   }

   $sshConfigDir = "/etc/ssh";

   if (is_array($config['system']['ssh']) && !empty($config['system']['ssh']['port']))
      $sshport = $config['system']['ssh']['port'];
   else
      $sshport = 22;

   /* Include default configuration for pfSense */
   $sshconf = "# This file is automatically generated at startup\n";
   $sshconf .= "Ciphers aes128-ctr,aes256-ctr,arcfour256,arcfour,aes128-cbc,aes256-cbc\n";
   $sshconf .= "PermitRootLogin yes\n";
   $sshconf .= "Compression yes\n";
   $sshconf .= "ClientAliveInterval 30\n";
   $sshconf .= "UseDNS no\n";
   $sshconf .= "X11Forwarding no\n";
   if (isset($config['system']['ssh']['sshdkeyonly'])) {
      $sshconf .= "# Login via Key only\n";
      $sshconf .= "PasswordAuthentication no\n";
      $sshconf .= "ChallengeResponseAuthentication no\n";
      $sshconf .= "PubkeyAuthentication yes\n";
   } else {
      $sshconf .= "# Login via Key and Password\n";
      $sshconf .= "PasswordAuthentication yes\n";
      $sshconf .= "ChallengeResponseAuthentication yes\n";
      $sshconf .= "PubkeyAuthentication yes\n";
   }
   $sshconf .= "# override default of no subsystems\n";
   $sshconf .= "Subsystem       sftp    /usr/libexec/sftp-server\n";
   /* Only allow protocol 2, because we say so */
   $sshconf .= "Protocol 2\n";
   /* Run the server on another port if we have one defined */
   $sshconf .= "Port $sshport\n";
   if(file_exists("/etc/ssh/sshd_extra")){$sshconf.=file_get_contents("/etc/ssh/sshd_extra");}
   /* Hide FreeBSD version */
   $sshconf .= "VersionAddendum \n";

   /* Apply package SSHDCond settings if config file exists */
      $szExtra = fread($fdExtra, 1048576); // Read up to 1MB from extra file
      $sshconf .= $szExtra;
      fclose($fdExtra);
   }

   /* Write the new sshd config file */
   @file_put_contents("/etc/ssh/sshd_config", $sshconf);

   /* mop up from a badly implemented ssh keys -> cf backup */
   if($config['ssh']['dsa_key'] <> "") {
      unset($config['ssh']['dsa_key']);
      unset($config['ssh']['ecdsa_key']);
      unset($config['ssh']['ed25519_key']);
      unset($config['ssh']['rsa_key']);
      unset($config['ssh']['rsa1_key']);
      unset($config['ssh']['dsa']);
      unset($config['ssh']['rsa']);
      unset($config['ssh']['rsa1']);
      unset($config['ssh']['ak']);
      write_config("Clearing SSH keys from config.xml");
   }

   /* are we already running?  if so exit */
   if(is_subsystem_dirty('sshdkeys')) {
      unset($keys);
      return;
   }

   // Check for all needed key files. If any are missing, the keys need to be regenerated.
   $generate_keys = false;
   foreach ($keys as $f2c) {
      if (!file_exists("/etc/ssh/{$f2c}")) {
         $generate_keys = true;
         break;
      }
   }

   if ($generate_keys) {
      /* remove previous keys and regen later */
      file_notice("SSH", "{$g['product_name']} has started creating your SSH keys.  SSH Startup will be delayed.  Please note that reloading the filter rules and changes will be delayed until this operation is completed.", "SSH KeyGen", "");
      unlink_if_exists('/etc/ssh/ssh_host_*');
      mark_subsystem_dirty('sshdkeys');
      echo " Generating Keys:\n";
      $_gb = exec("/usr/bin/nice -n20 /usr/bin/ssh-keygen -t rsa1 -N '' -f $sshConfigDir/ssh_host_key");
      $_gb = exec("/usr/bin/nice -n20 /usr/bin/ssh-keygen -t rsa -N '' -f $sshConfigDir/ssh_host_rsa_key");
      $_gb = exec("/usr/bin/nice -n20 /usr/bin/ssh-keygen -t dsa -N '' -f $sshConfigDir/ssh_host_dsa_key");
      $_gb = exec("/usr/bin/nice -n20 /usr/bin/ssh-keygen -t ecdsa -N '' -f $sshConfigDir/ssh_host_ecdsa_key");
      $_gb = exec("/usr/bin/nice -n20 /usr/bin/ssh-keygen -t ed25519 -N '' -f $sshConfigDir/ssh_host_ed25519_key");
      clear_subsystem_dirty('sshdkeys');
      file_notice("SSH", "{$g['product_name']} has completed creating your SSH keys.  SSH is now started.", "SSH Startup", "");
   }

   /* kill existing sshd process, server only, not the childs */
   $sshd_pid = exec("ps ax | egrep '/usr/sbin/[s]shd' | awk '{print $1}'");
   if($sshd_pid <> "") {
      echo "stopping ssh process $sshd_pid \n";
      @posix_kill($sshd_pid, SIGTERM);
   }
   /* Launch new server process */
   $status = mwexec("/usr/sbin/sshd");
   if($status <> 0) {
      file_notice("sshd_startup", "SSHD failed to start.", "SSHD Daemon", "");
      echo "error!\n";
   } else {
      echo "done.\n";
   }

   // NanoBSD
   if($g['platform'] == "nanobsd") {
      if(!is_dir("/conf/sshd"))
         mkdir("/conf/sshd", 0750);
      $_gb = exec("/bin/cp -p /etc/ssh/ssh_host* /conf/sshd");
   }
   conf_mount_ro();
   unset($keys);
?>

/usr/local/pkg/phpservice.inc

Code: [Select]
<?php
/* $Id$ */
/*
/* ========================================================================== */
/*
    phpservice.inc
    Copyright (C) 2008 Mark J Crane
    All rights reserved.
                                                                              */
/* ========================================================================== */
/*
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice,
   this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright
   notice, this list of conditions and the following disclaimer in the
   documentation and/or other materials provided with the distribution.

THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/

if (!function_exists("pkg_is_service_running")) {
function pkg_is_service_running($servicename)
{
    exec("/bin/ps ax | awk '{ print $5 }'", $psout);
    array_shift($psout);
    foreach($psout as $line) {
        $ps[] = trim(array_pop(explode(' ', array_pop(explode('/', $line)))));
    }
    if(is_service_running($servicename, $ps) or is_process_running($servicename) ) {
        return true;
    }
    else {
        return false;
    }
}
}

if (!function_exists("byte_convert")) {
function byte_convert( $bytes ) {
    if ($bytes<=0)
        return '0 Byte';

    $convention=1000; //[1000->10^x|1024->2^x]
    $s=array('B', 'kB', 'MB', 'GB', 'TB', 'PB', 'EB', 'ZB');
    $e=floor(log($bytes,$convention));
    return round($bytes/pow($convention,$e),2).' '.$s[$e];
}
}
 
function phpservice_sync_package_php()
{

  global $config;
  if($config['installedpackages']['phpservice']['config'] != "") {

    conf_mount_rw();
    config_unlock();

$tmp = "<?php\n";
$tmp .= "\n";
$tmp .= "// Set time limit to indefinite execution\n";
$tmp .= "set_time_limit (0);\n";
$tmp .= "\n";
$tmp .= "//run this program as long as the pid file exists\n";
$tmp .= "\$filename = '/tmp/phpmonitor.pid';\n";
$tmp .= "\$fp = fopen(\$filename, 'w');\n";
$tmp .= "fwrite(\$fp, \"If this file is deleted then phpmonitor will stop.\");\n";
$tmp .= "fclose(\$fp);\n";
$tmp .= "unset(\$filename);\n";
$tmp .= "\n";
$tmp .= "//require_once(\"config.inc\");\n";
$tmp .= "//global \$config;\n";
$tmp .= "//\$syslogaddress = \$config['syslog']['remoteserver'];\n";
$tmp .= "\$syslogaddress = \"127.0.0.1\";\n";
$tmp .= "\$syslogport = 514;\n";
$tmp .= "echo \"syslog server: \".\$syslogaddress.\"\\n\";\n";
$tmp .= "\n";
$tmp .= "\n";
$tmp .= "\n";
$tmp .= "function send_to_syslog(\$syslogaddress, \$syslogport, \$syslogmsg) {\n";
$tmp .= "\n";
$tmp .= "  \$fp = fsockopen(\"udp://\".\$syslogaddress, \$syslogport, \$errno, \$errstr);\n";
$tmp .= "  if (!\$fp) {\n";
$tmp .= "      //echo \"ERROR: \$errno - \$errstr<br />\\n\";\n";
$tmp .= "  } else {\n";
$tmp .= "      fwrite(\$fp, \$syslogmsg);\n";
$tmp .= "      fclose(\$fp);\n";
$tmp .= "  }\n";
$tmp .= "\n";
$tmp .= "}\n";
$tmp .= "\n";
$tmp .= "\n";
$tmp .= "//\$msg = \"1.begin loop. \".date('r').\"\\n\";\n";
$tmp .= "//\$fp = fopen('/tmp/phpmonitor.txt', 'a');\n";
$tmp .= "//fwrite(\$fp, \$msg.\"\\n\");\n";
$tmp .= "//fclose(\$fp);\n";
$tmp .= "\n";
$tmp .= "\$x = 0;\n";
$tmp .= "while(\$x == 0) {\n";
$tmp .= "\n";
$tmp .= "\n";
$tmp .= "  if(!file_exists('/tmp/phpmonitor.pid')) {\n";
$tmp .= "    //if the file does not exist then close the program.\n";
$tmp .= "    echo \"program closing\\n\";\n";
$tmp .= "    return;\n";
$tmp .= "  }\n";
$tmp .= "\n";
$tmp .= "\n";
$tmp .= "\n";
      
foreach($config['installedpackages']['phpservice']['config'] as $rowhelper) {
    if ($rowhelper['enabled'] != "false") {
        $tmp_php = base64_decode($rowhelper['php']);
        if (strlen($tmp_php) > 0) {
            $tmp .= "// name: ".$rowhelper['name']." \n";
            $tmp .= "// description: ".$rowhelper['description']." \n\n";
            $tmp .= base64_decode($rowhelper['php']);
            $tmp .= "\n";
        }
    }

}
      

$tmp .= "\n";
$tmp .= "\n";
$tmp .= "  //usleep(100000);  //micro seconds //2 seconds 2000000\n";
$tmp .= "  sleep(1); //in seconds\n";
$tmp .= "  //if (\$x > 60){ exit; } //exit after 60 seconds for testing\n";
$tmp .= "} //emd while\n";
$tmp .= "\n";
$tmp .= "\n";
$tmp .= "?>
";

$fout = fopen("/usr/local/pkg/phpservice.php","w");
fwrite($fout, $tmp);
unset($tmp);
fclose($fout);
         
conf_mount_ro();

  }
}


function phpservice_sync_package()
{
 
global $config;   
phpservice_sync_package_php();

}
   

function phpservice_install_command()
{

global $config;
conf_mount_rw();
config_lock();

if (!is_dir('/usr/local/www/packages/')) {
   exec("mkdir /usr/local/www/packages/");
}

if (!is_dir('/usr/local/www/packages/phpservice/')) {
   exec("mkdir /usr/local/www/packages/phpservice/");
}


//rename PHP files from .tmp to .php
exec("cp /tmp/phpservice_php.tmp /usr/local/www/packages/phpservice/phpservice_php.php");
unlink_if_exists("/tmp/phpservice_php.tmp");

exec("cp /tmp/phpservice_php_edit.tmp /usr/local/www/packages/phpservice/phpservice_php_edit.php");
unlink_if_exists("/tmp/phpservice_php_edit.tmp");

  //write_config();
 
write_rcfile(array(
"file" => "phpservice.sh",
"start" => "/usr/local/bin/php /usr/local/pkg/phpservice.php >> /var/log/phpservice.log &",
"stop" => "rm /tmp/phpmonitor.pid"
)
);
         
phpservice_sync_package();
//$handle = popen("/usr/local/etc/rc.d/phpservice.sh start", "r");
//pclose($handle);

//if (pkg_is_service_running('phpservice')) { 
//documentation purposes
//}

conf_mount_ro();
config_unlock();
 
}


function phpservice_deinstall_command()
{

conf_mount_rw();
config_lock();
$handle = popen("/usr/local/etc/rc.d/phpservice.sh stop", "r");
unlink_if_exists("/usr/local/pkg/phpservice.xml");
unlink_if_exists("/usr/local/pkg/phpservice.inc");
unlink_if_exists("/usr/local/www/phpservice.inc");
unlink_if_exists("/usr/local/etc/rc.d/phpservice.sh");
conf_mount_ro();
config_unlock();

}

?>









« Last Edit: October 25, 2014, 11:12:10 am by zor1984 »

Offline phil.davis

Your /etc/sshd file is a little different to the official distribution.


Line 123 has been added:
Code: [Select]
   if(file_exists("/etc/ssh/sshd_extra")){$sshconf.=file_get_contents("/etc/ssh/sshd_extra");}

And line 128 and 129 are missing:
Code: [Select]
if (file_exists("/etc/sshd_extra")) {
$fdExtra = fopen("/etc/sshd_extra", 'r');
Those missing lines cause a missing opening "{" and thus the error about an unexpected "}" further down.
What happened to cause this file to be edited?

Anyway, you can fix it up again by:
a) Go to https://raw.githubusercontent.com/pfsense/pfsense/master/etc/sshd to see the text of the file on GitHub. Select and copy the text.
b) On the WebGUI of pfSense, Diagnostics->Edit, bring up /etc/sshd, select all the text, paste the good text from GitHub, save.

Or upgrade to the next snapshot, that should overwrite everything, including /etc/sshd, with the correct code.
As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/
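
Added example, not part of the thread and not pfSense code: the check done by hand in the post above (compare the deployed /etc/sshd with the distribution copy and see which lines were added or are missing), written as a shell script. The function names and the two sample files are constructed for illustration; on a real system REF would be a copy of the file fetched from a source you trust.

```shell
#!/bin/sh
# Added example. The file contents below are constructed fragments modelled
# on the lines quoted in the posts, not complete copies of /etc/sshd.

# drift_report REF LOCAL: list differing lines, ignoring whitespace-only edits.
# Prints "missing: ..." (only in REF) and "added: ..." (only in LOCAL).
# Returns 0 if equivalent, 1 on drift, 2 if a file cannot be read.
drift_report() {
    [ -r "$1" ] && [ -r "$2" ] || return 2
    _out=$(diff -b "$1" "$2" | sed -n -e 's/^< */missing: /p' -e 's/^> */added: /p')
    if [ -z "$_out" ]; then return 0; fi
    printf '%s\n' "$_out"
    return 1
}

# brace_balance FILE: number of "{" minus number of "}". A raw count is a
# heuristic: braces inside strings such as "{$f2c}" come in pairs and cancel.
brace_balance() {
    awk '{ o += gsub(/[{]/, "{"); c += gsub(/[}]/, "}") } END { print o - c }' "$1"
}

# audit_script REF LOCAL: run every check; return 0 only if all of them pass.
audit_script() {
    _rc=0; _st=0
    drift_report "$1" "$2" || _st=$?
    if [ "$_st" -eq 2 ]; then echo "cannot read input files"; return 2; fi
    if [ "$_st" -ne 0 ]; then _rc=1; fi
    _bal=$(brace_balance "$2")
    if [ "$_bal" -ne 0 ]; then echo "brace balance: $_bal"; _rc=1; fi
    # php -l parses the file without executing it; skipped if php is absent.
    if command -v php >/dev/null 2>&1; then
        php -l "$2" >/dev/null 2>&1 || { echo "php -l: parse error"; _rc=1; }
    fi
    return $_rc
}

# make_samples DIR: write a constructed reference and a constructed edited copy.
make_samples() {
    cat > "$1/ref" <<'EOF'
<?php
$sshconf = "Port 22\n";
/* Apply package SSHDCond settings if config file exists */
if (file_exists("/etc/sshd_extra")) {
   $fdExtra = fopen("/etc/sshd_extra", 'r');
   $szExtra = fread($fdExtra, 1048576);
   $sshconf .= $szExtra;
   fclose($fdExtra);
}
EOF
    cat > "$1/local" <<'EOF'
<?php
$sshconf = "Port 22\n";
if(file_exists("/etc/ssh/sshd_extra")){$sshconf.=file_get_contents("/etc/ssh/sshd_extra");}
/* Apply package SSHDCond settings if config file exists */
   $szExtra = fread($fdExtra, 1048576);
   $sshconf .= $szExtra;
   fclose($fdExtra);
}
EOF
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
audit_script "$demo_dir/ref" "$demo_dir/local" || echo "=> restore the file before relying on it"
rm -rf "$demo_dir"
```

The drift report names the one added line and the two missing lines, and the negative brace balance corresponds to the "unexpected '}'" parse error in the crash report.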

Offline zor1984

Well, it was edited by some package interfering with ssh. I don't remember exactly what its name is; to be honest, yesterday I installed way too many packages to try them out, and then some of them made a mess of my configuration. Even resetting to factory defaults didn't help, so I tried to copy/paste the conf file from GitHub  ;D Thank you for your answers, I appreciate your help  :D

Yapp! It's running perfectly now

Offline phil.davis

It would be good to find out what package is doing the editing - because it is going to screw up with different versions of /etc/sshd
If you have a package suspect in mind, mention it.
Edit, add: the suspect was not hard to find - the sshdcond package has code that edits /etc/sshd
https://github.com/pfsense/pfsense-packages/blob/master/config/sshdcond/sshdcond.inc
The master version of /etc/sshd was modified by:
https://github.com/pfsense/pfsense/commit/5a89049022022e98f745ccb1eba51b7f438f6fe7
In particular, it did:
Code: [Select]
- if(file_exists("/etc/sshd_extra"))
- {
+ if (file_exists("/etc/sshd_extra")) {
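Review bot: on the `+` line the opening `{` now shares a line with `if (file_exists("/etc/sshd_extra"))`, so the two removed lines no longer exist as separate text for anything that locates this block line by line. Because a package rewrites /etc/sshd around this block, this layout change should land together with a matching update to that package's edit, or the block should carry a comment marker that the package can anchor on instead of the brace layout.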
That put the "{" on the same line as the "if" and made a big difference to the result of the editing done by sshdcond.

Bug reported: https://redmine.pfsense.org/issues/3959
« Last Edit: October 25, 2014, 01:57:26 pm by phil.davis »

Offline zor1984

It would be good to find out what package is doing the editing - because it is going to screw up with different versions of /etc/sshd
If you have a package suspect in mind, mention it.
Edit, add: the suspect was not hard to find - the sshdcond package has code that edits /etc/sshd
https://github.com/pfsense/pfsense-packages/blob/master/config/sshdcond/sshdcond.inc
The master version of /etc/sshd was modified by:
https://github.com/pfsense/pfsense/commit/5a89049022022e98f745ccb1eba51b7f438f6fe7
In particular, it did:
Code: [Select]
- if(file_exists("/etc/sshd_extra"))
- {
+ if (file_exists("/etc/sshd_extra")) {
That put the "{" on the same line as the "if" and made a big difference to the result of the editing done by sshdcond.

Bug reported: https://redmine.pfsense.org/issues/3959

Thanks for doing it for me. I'm looking into this code now, trying to understand what's wrong with it  ::), seems you are right here, this package almost ruined my life yesterday  ;D

Yepp now I see this piece of code:
Code: [Select]
121 115  /* Apply package SSHDCond settings if config file exists */
122  - if(file_exists("/etc/sshd_extra"))
123  - {
 116 + if (file_exists("/etc/sshd_extra")) {
124 117  $fdExtra = fopen("/etc/sshd_extra", 'r');
125 118  $szExtra = fread($fdExtra, 1048576); // Read up to 1MB from extra file
126 119  $sshconf .= $szExtra;
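
Review bot: in the context lines below the `+` line, `$fdExtra = fopen("/etc/sshd_extra", 'r');` feeds `fread($fdExtra, 1048576)` with no check that `fopen` succeeded, and the bytes read are appended to `$sshconf` as they are. While this block is being touched, test the handle before reading and closing it; folding the read into one guarded statement would also leave no brace-delimited block for a package edit to cut in half.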


 @@ -128,9 +121,7 @@
128 121  }

Thank you for reporting the bug for me. I just installed this package to see whether it extends/enhances functionality in some way, as written in the package info: "Allows to define SSH overrides for users,groups,hosts and addresses using Match in a convenient way. This package acts as an access list frontend for ssh connections", but it seems digging into alpha/beta packages is not for me. I'll try to stay out of it and use mostly released or stable packages next time  :P Even so, half of the packages I tried to install yesterday reported a missing digital signature message, so that has to be fixed sometime later when 2.2 is prepared for release. My other thought is to add some functionality to the package installation process: some marks that the package you want to install does not meet the system requirements or can break something in the main distribution when installed  :-X or some option to hide all unstable testing packages using filtering with parameters like "platform & status", which could potentially improve performance when showing the list of packages, even though they can now be sorted by categories. Tabs are a good idea, but they are not enough in the package manager to filter the pbi packages that you need/want to install on your system. Hope we see some changes in that direction in the future.
« Last Edit: October 26, 2014, 02:56:36 am by zor1984 »

Offline phil.davis

Re: sshd wont start after first reboot. firstly it works for me...but then...
« Reply #7 on: November 26, 2014, 09:34:56 am »
Renato committed some fixes for this today. The bug https://redmine.pfsense.org/issues/3959 is now in Feedback. Since I don't actually use this package, it is a bit hard for me to really verify that it works OK now.
If anyone is using sshdcond I suggest you update to latest snap and latest package version and then report back on the Redmine bug to say if it now works OK.

Offline Topper727

  • Full Member
  • ***
  • Posts: 245
  • Karma: +25/-0
    • View Profile
I am having same issue.. was loving the updates in 2.2 cause ssh would run till I rebooted or lost power.   But now since no more updates as I am on 1/16 RC 64 bit and that is last I see till 2.2 release I will have to wait till 2.2 release to have ssh back and only till I reboot again ?
Dell 2950 g3 server
Intel(R) Xeon(R) CPU E5430 @ 2.66GHz
Current: 2000 MHz, Max: 2667 MHz
8 CPUs: 2 package(s) x 4 core(s)
8152 MiB and 600meg 10k drive
Pfsense 2.4 .. Hoping to get the phpvirtualbox going again.

Offline cmb

  • Hero Member
  • *****
  • Posts: 11230
  • Karma: +893/-7
    • View Profile
    • Chris Buechler
I am having same issue..

You're not having the same issue. This thread was about a long-ago fixed issue with SSH host key generation in some circumstances. There are no known issues along these lines since, and any that do exist wouldn't be relevant to this thread. Please start a new thread with specifics of what you're seeing, as it's definitely completely unrelated to this thread.