‹ jan0sch.de

FreeBSD: Switching back to sshd from base.

2024-07-01

I cannot even remember why I started using the ssh daemon from ports (openssh-portable), but it might have been some feature I needed at that time.

However, ever since then, one of the first things I did on a fresh install was disabling the base sshd and replacing it with the one from ports.

Thinking about it recently, I realised that this was very likely a pretty dumb idea, so I checked if I really still needed the ports version and … surprise … I don’t. ;-)

Switching the ssh daemon on remote servers might be a bit risky, but here is the workflow that served me well.

  1. Check that you’re running ssh from ports. This is usually indicated by the package openssh-portable being installed and by the flag openssh_enable=YES in rc.conf.
  2. Check for differences in the configurations. A quick diff -u /usr/local/etc/ssh/sshd_config /etc/ssh/sshd_config should get you started.
  3. Edit the configuration file /etc/ssh/sshd_config to your liking.
  4. Optional but convenient: Copy the key files to avoid “key changed” errors upon connect. A simple cp -a /usr/local/etc/ssh/*key* /etc/ssh should do the trick.
  5. Disable the openssh daemon: sysrc -x openssh_enable
  6. Enable sshd from base: sysrc sshd_enable=YES
  7. Last but not least, we have to stop the openssh daemon and start the sshd from base. As this will kill your ssh connection, you should give it some thought. My quick and dirty solution is to fire up tmux and type a command like sleep 10 && service openssh onestop && service sshd start, detach from the tmux session and disconnect.
  8. For convenience delete the openssh-portable package and the no longer needed directory /usr/local/etc/ssh.
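
As an added example (not part of the original post), a small sh helper for step 2: it lists the active directives of the ports configuration that the base configuration does not carry, which is easier to read than diff -u when one file is mostly commented-out defaults. The function names and the sample configurations are made up for illustration.

```shell
#!/bin/sh
# List active sshd_config directives, ignoring comments, blank lines,
# indentation and keyword case (sshd keywords are case-insensitive).
# Directives inside a Match block are prefixed with that block's criteria.
active_directives() {
    LC_ALL=C awk '
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
        /^#/ || /^$/ { next }
        {
            match($0, /^[^ \t=]+/)
            key = tolower(substr($0, 1, RLENGTH))
            val = substr($0, RLENGTH + 1)
            sub(/^[ \t]*=?[ \t]*/, "", val)
            gsub(/[ \t]+/, " ", val)
            if (key == "match") { ctx = "[match " val "] "; next }
            print ctx key " " val
        }
    ' "$1" | LC_ALL=C sort -u
}

# Print every active directive of config $1 that config $2 does not carry.
# Returns 0 when nothing is missing, 1 when there is drift.
config_drift() {
    a=$(mktemp) && b=$(mktemp) || return 2
    active_directives "$1" > "$a"
    active_directives "$2" > "$b"
    missing=$(LC_ALL=C comm -23 "$a" "$b")
    rm -f "$a" "$b"
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# Constructed sample configs (not taken from a real host).
demo_drift() {
    d=$(mktemp -d) || return 2
    printf '%s\n' '# ports config' 'Port 2222' 'PermitRootLogin no' \
        'passwordauthentication   no' 'Match User backup' \
        '    ForceCommand /usr/local/bin/rsync-only' > "$d/ports"
    printf '%s\n' '#Port 22' 'PermitRootLogin no' \
        '#PasswordAuthentication no' > "$d/base"
    config_drift "$d/ports" "$d/base" && rc=0 || rc=$?
    rm -rf "$d"
    return "$rc"
}

demo_drift || true
```

On the server, the call would be config_drift /usr/local/etc/ssh/sshd_config /etc/ssh/sshd_config. After editing in step 3, /usr/sbin/sshd -t -f /etc/ssh/sshd_config checks the base configuration for errors before the daemons are swapped in step 7.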

That’s it, welcome back to sshd from base. :-)