How to restart sshd from CLI?

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
I'm trying to set up my TrueNAS box to use SSH certificates, as described in https://smallstep.com/blog/use-ssh-certificates/. It's pretty straightforward--the step-cli utility is written in Go, so it's a single binary. Download that onto my pool, use it to bootstrap to the CA, use it to obtain a host certificate, use the GUI to configure sshd to use the host certificate.

Only problem is that, like Let's Encrypt certs (though to a much greater degree), these certs are short-lived and therefore need to be renewed frequently. It's easy enough to run step ssh renew daily, but then I need to tell sshd to use the renewed cert--and here's the problem. Due to something in the TrueNAS design, I can't simply service sshd restart; it tells me it isn't enabled in /etc/rc.conf. I can always killall -HUP sshd, and that works, but seems kind of brute-force. Is there a better way to do this?
 

Samuel Tai

Never underestimate your own stupidity
Moderator
Joined
Apr 24, 2020
Messages
5,399
Does midclt call service.restart "ssh" work?
 

danb35

> Does midclt call service.restart "ssh" work?
Seems to--it returns "true", and doesn't immediately drop an open connection. Thanks.
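
The renew-then-restart routine discussed in this thread, as an added example that is not code from either poster or from TrueNAS or smallstep. The `CERT` and `KEY` paths and the function names are assumptions; the script restarts sshd through `midclt` only after a successful renewal that produced a parseable certificate.

```shell
#!/bin/sh
# Added example, not from the thread: daily host-certificate renewal for TrueNAS.
# CERT and KEY are assumed locations; point them at your own host key pair.
CERT="${CERT:-/mnt/tank/step/ssh_host_ecdsa_key-cert.pub}"
KEY="${KEY:-/mnt/tank/step/ssh_host_ecdsa_key}"
# Tool names are variables so they can be overridden (for example in a dry run).
STEP="${STEP:-step}"
MIDCLT="${MIDCLT:-midclt}"
SSH_KEYGEN="${SSH_KEYGEN:-ssh-keygen}"

# Checksum of the certificate file, used only to detect that it changed.
cert_digest() {
    if [ -f "$1" ]; then cksum < "$1"; fi
}

# Renew the certificate, then restart sshd through the middleware.
# Exit codes: 0 ok, 1 renewal failed, 2 new cert unreadable, 3 restart failed.
renew_and_reload() {
    before=$(cert_digest "$CERT")
    if ! "$STEP" ssh renew --force "$CERT" "$KEY"; then
        echo "renewal failed; sshd keeps the current certificate" >&2
        return 1
    fi
    if [ "$before" = "$(cert_digest "$CERT")" ]; then
        echo "unchanged"    # nothing new on disk, so leave sshd alone
        return 0
    fi
    # Refuse to restart sshd onto a file that does not parse as a certificate.
    if ! "$SSH_KEYGEN" -L -f "$CERT" >/dev/null 2>&1; then
        echo "renewed file is not a valid SSH certificate" >&2
        return 2
    fi
    result=$("$MIDCLT" call service.restart "ssh") || result=""
    case "$result" in
        [Tt]rue) echo "restarted" ;;
        *) echo "service.restart returned '$result'" >&2; return 3 ;;
    esac
}

# Run only when invoked with the argument "run", e.g. from a daily cron job.
if [ "${1:-}" = "run" ]; then
    renew_and_reload
fi
```

A non-zero exit code from the cron job means sshd is still serving the previous certificate, which is worth alerting on before that certificate expires.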