# What has happened to FreeBSD



## adwsail (May 26, 2013)

I've lost ssh and openssh-portable is apparently broken. I started using *F*reeBSD in early 2004 and loved it thanks to Dru Lavigne and her mini tutorials. I built several servers using it with some serious network corporate level work. Samba, Tripwire, Bacula, SugarCRM, Apache, PHP, MySQL all worked just fine and stable as a brick outhouse. After getting laid off three years ago I lost touch until now when I was tasked with setting up a new server for a small two-office business, so I immediately start setting up FreeBSD 8.3 RELEASE-p3. All goes well, ssh works fine, I do a freebsd-update to p8 and no ssh in the ports? So I try to install openssh-portable, it says it's broken in ports. No good, CUPS won't compile either. I've *never* seen these kinds of issues with FreeBSD.

So I delete *all* of /usr/ports including the .xxxx files and folders. Since cvsup is deprecated I try `portsnap fetch`, `extract`, etc. All looks good but there is no ssh and a broken openssh-portable so I am at a loss now. How to get SSH access? This is absolutely necessary and yet it seems to be no longer a part of *Free*BSD. So what to use for SSH access now? Any help? ideas?


----------



## jrm@ (May 26, 2013)

It's already in the base system.  See the relevant entry in the handbook.  The configuration file is /etc/ssh/sshd_config and to turn it on you need to put the line ssd_enable=YES in /etc/rc.conf and start it with `# service sshd start`.  Also see the sshd(), sshd_config() and related man pages.

P.S. Lots of good thing have happened in FreeBSD since 2004.


----------



## marwis (May 26, 2013)

adwsail said:
			
		

> How to get ssh access?



SSH access is disabled by default.  If you haven't enabled it yet, run the following under root

```
cat >> /etc/rc.conf << __EOF__
sshd_enable="YES"
__EOF__

service sshd start
```


----------



## adwsail (May 26, 2013)

Thanks for the reply and yes, 
	
	



```
sshd_enable="YES"
```
 is in the rc.conf file. But when I run `service sshd start` I get a 'file not found' error. So I look in /usr/ports/security and there is no ssh. I check /etc/init.d and there is no ssh daemon. I then ran a `locate ssh`, after updating the locate db and there is essentially nothing for SSH on the machine. And now I don't know how to reinstall something that is not in the ports collection any longer.


----------



## jrm@ (May 26, 2013)

You don't need anything in ports here.  It's included in the base system and its location is /usr/sbin/sshd.  Did you delete that file?  Can you post the exact error?


----------



## adwsail (May 26, 2013)

I had run a deinstall on ssh when I had openssh-portable running under 8.3-RELEASE-p3. After the freebsd-update to p8 everything went wonky, openssh-portable stopped working and I have been unable to switch back to ssh. An attempt to rebuild openssh-portable fails immediately with an error about it being broken. So no I can't login remotely and I won't be in the office until Tuesday. I'll post the error then. Thanks for the help!!


----------



## gkontos (May 26, 2013)

You might want to update your ports tree. See: http://svnweb.freebsd.org/ports?view=revision&revision=319062


----------



## ShelLuser (May 26, 2013)

There is one thing I fail to understand: why version 8.3 instead of 9.1? If you check the releases page you'll notice that the current production release is 9.1 whereas 8.3 is a so called legacy release.

Although this doesn't matter too much where EOL is concerned (EOL for 8.3 is April 2014, EOL for 9.1 is December 2014) you will most likely eventually run into a situation where you need to perform an upgrade to a later version.

I can't help wonder if you're not making things harder on yourself this way because you now face an upgrade procedure where you most likely need to skip a version. I don't have experience with that where FreeBSD is concerned, but in general an upgrade where you skip a version number can be much more trickier than simply upgrading to the next version in the chain.


----------



## adwsail (May 26, 2013)

The ports tree has been updated at least three times from scratch, no joy. Unlike some OS'es there are very few reasons to chase the upgrade path just because a new version is out. I know people that are still using 4.3 in a very large corporate environment.


----------



## DutchDaemon (May 26, 2013)

adwsail said:
			
		

> I had run a deinstall on ssh when I had openssh-portable running under 8.3-RELEASE-p3.



So, apparently, the answer to the 'question' in the thread title is basically: I hosed my own system and don't know how to fix it. Why blame FreeBSD in general?


----------



## ShelLuser (May 26, 2013)

adwsail said:
			
		

> Unlike some OS'es there are very few reasons to chase the upgrade path just because a new version is out. I know people that are still using 4.3 in a very large corporate environment.


That is meaningless nonsense, pardon the expression.

The issue of (closely) following an upgrade path has nothing to do with the involved operating system, but the way it's being used and where. For example; there is little reason to actively upgrade an operating system when it's used in a completely confined environment.

But that changes the very moment you're dealing with a system which is publically accessible. 

When re-reading the thread I have to agree with @DutchDaemon. For example; you mentioned checking /etc/init.d, but on a FreeBSD system that is totally meaningless because FreeBSD doesn't use the SysV initialization system, it never has.

The first step in administrating an operating system is knowing how it works and behaves.


----------



## drhowarddrfine (May 27, 2013)

At first I thought this was a user who last used FreeBSD back when I first got involved (2004). Now it appears he is trying to use Linux stuff (init.d) and doesn't know why it doesn't work. We already know he hasn't looked at the Handbook.

This just sounds like another one of those bizarre first-time posters who start a thread knocking FreeBSD and it's obvious what his intentions are unless he's totally lost. Maybe I'm wrong in this case but I just don't get it.


----------



## sossego (May 27, 2013)

Download the latest 9.1 ISO/memstick image and burn/dd to disc/USB key. Start from there. You will also need to check all hardware for any possible drivers that may need to be built.

Sooner or later, everyone hoses some of the install somewhere along the line. Here's the broom and dustpan. Clean up your mess and start again.


----------



## dave (May 27, 2013)

*To answer the original question...*

To answer the original question,

Question: What has happened to FreeBSD?
Answer: A lot.



			
				ShelLuser said:
			
		

> When re-reading the thread I have to agree with @DutchDaemon. For example; you mentioned checking /etc/init.d, but on a FreeBSD system that is totally meaningless because FreeBSD doesn't use the SysV initialization system, it never has.


I think the OP might be referring to inetd, which used to be more prevalent in FreeBSD.

@adwsail,

You should probably plan on doing your new server build more than once. Lots has changed since you were using FreeBSD last, and so you might make some mistakes along the way. Looks like this time around, you accidentally removed your sshd executable. I know that back in the day, we used to answer "no" to enabling ssh in the post-install, and then install openssh, since it was more secure. But these days, just use the built-in ssh for getting started.

Please don*'*t be discouraged by the chatter. FreeBSD is still very solid. And there is a very helpful community here if you run into trouble - albeit a little defensive.    Maybe start your next question on a different tack.


----------



## kpa (May 27, 2013)

You have to wonder about one thing here. The OP clearly had the knowledge to replace the base system sshd(8) with the port security/openssh-portable. Now why is it suddenly so difficult to comprehend that there is an sshd(8) in the base system?


----------



## drhowarddrfine (May 27, 2013)

dave said:
			
		

> I think the OP might be referring to inetd, which used to be more prevalent in FreeBSD.


It was the OP who typed out that he checked /etc/init.d and couldn't find anything.


----------



## Terry_Kennedy (May 28, 2013)

ShelLuser said:
			
		

> Although this doesn't matter too much where EOL is concerned (EOL for 8.3 is April 2014, EOL for 9.1 is December 2014) you will most likely eventually run into a situation where you need to perform an upgrade to a later version.


Under the current policy, support is 2 years from the last release, so 8.4 and 8-STABLE should be good until May 2015 at the earliest.



> I can't help wonder if you're not making things harder on yourself this way because you now face an upgrade procedure where you most likely need to skip a version. I don't have experience with that where FreeBSD is concerned, but in general an upgrade where you skip a version number can be much more trickier than simply upgrading to the next version in the chain.


Upgrading in place between major versions is tricky - it's easy to break the system and at best you'll have leftover files that don't do anything except take up space. It's better to install the new major version on another box (either a test box or a replacement box with newer hardware) and then migrate user accounts and data over. That also allows for a fast switchover between the old and new systems.


----------



## DutchDaemon (May 28, 2013)

`make delete-old` and `make delete-old-libs` clear up the remnants of old versions. They should be invoked routinely when upgrading to the next major version (thought the latter only after reinstalling your ports or installing a compat port).


----------



## Terry_Kennedy (May 28, 2013)

DutchDaemon said:
			
		

> `make delete-old` and `make delete-old-libs` clear up the remnants of old versions. They should be invoked routinely when upgrading to the next major version (thought the latter only after reinstalling your ports or installing a compat port).


In general, they do a surprisingly good job, sort of like `mergemaster` does in the opposite direction. However, both are reliant on the user being confident of what is needed and what isn't. Otherwise, a shared library not used by the system but used by one or more user application might get deleted, or the application might itself depend on an older library version that `make delete-old-libs` wants to remove.

That's why I find it easier to set up a new box, install the desired new major version on it, then copy over all of the user / application data that I _THINK_ is needed. The existing box is still running, serving customers or whatever it does. I can then test on the new box until I'm confident that everything is working properly, copy over any data that was updated on the production box since my initial copy, then swap the IP addresses between the boxes, making the new version the new production box and retaining the old production box until all the users are happy. Then the old box can be repurposed or recycled. This also has the advantage of keeping up with newer hardware, which is more energy-efficient, more reliable (than hadware that's N years old, regardless of how good it was when new), and faster.

That's the method I use. The last release where I upgraded-in-place was 5.21 to 6.0. I deployed a couple of 7.x test boxes but never really got anywhere with them. The big push around here is to get everything on 8-STABLE less than a week old. I finished up most of that this weekend. Out of 80-odd systems, I an now down to 3 that are out-of-date / out-of-support. 1 is being shut down within the next 2 weeks, one is being sent before the end of June to the outside developer for a specific application one of our clients uses, with a note saying "Put the whole thing in one of _your_ colo facilities, or pull your application off and host it with some other provider". That leaves one server, which has some disgustingly complex in-house applications on it. Those are being moved off as quickly as I can code replacements with modern tools. So the old box is basically dying of attrition. These days, most of it's work is serving meta refresh responses to get clients to go use the new box.

I expect I'll make the jump from 8.last to 10.newest about 6 to 9 months before the 8.last EOL. Hopefully that will be 10.1 or 10.2.

I have a fair amount of practice with this - I have an visual editor I've been dragging around since 4.2BSD, with stops at Ultrix-11, SunOS, 4.4BSD, BSD/386 (BSD/OS) and eventually FreeBSD. It is the ugliest code you could ever hope to [not] see, but it still compiles and runs on each new release. It has had to be changed - for example, it relies on peeking inside stdio structs to see what might be coming in soon, and the Great Stdio Shuffle around 4.4BSD required a bit of code changes.


----------



## adwsail (May 28, 2013)

Oh my, please let me clearly state, I like FreeBSD. I have been and continue to be a big proponent of FreeBSD. I came to this forum seeking help. I still am. My previous postings were from home where I was also messing around with my Raspberry Pi and in posting I said I looked in "init.d", that was my feeble brain mixing my FreeBSD issue at work while modifying a file at home getting pianobar working on the Pi. My bad, I meant rc.d.

My FreeBSD is NOT hosed as far as I'm concerned, just one or two programs are responding in a very unanticipated way which is what I am seeking help with. Is it possible to get ssh back on my system without trashing the entire installation? What is the recommended tool for keeping the ports tree updated? svn? portsnap? portmaster? I used to use cvsup but even the FreeBSD Handbook is not particularly clear on this. Which method also keeps kernel and base updated?

And thanks Dave, there have been a lot of changes which has thrown me for a loop. I'm still unclear on why you can do a make deinstall on any program and turn right around and reinstall it, but not ssh??? What am I missing here?

Anyhow, yeah, I know I'm an old idiot, trying to learn, just wanting some forum type help and a little off due to all the changes in FreeBSD in just the last three years. But forums are where I go for help, hopefully. If someone could just point me in a direction for getting ssh back without a complete wipe of the system, SugarCRM can be a real bear to get right, I would be very grateful.


----------



## DutchDaemon (May 28, 2013)

If you have sources in /usr/src/secure, you should be able to `make all install clean` in there, which should give you a working /usr/sbin/sshd (OpenSSH_6.1p1).


----------



## adwsail (May 28, 2013)

@DutchDaemon*,* you are a lifesaver!!!! Thank you so much*.* That was exactly what I needed. I tried a `make config` first, mainly out of fear, when that didn't give me any options I did a `make all` and there it was!!! `Make install clean` and all is well once again!!! Rotterdam is a bit far to buy you a beer but the thought is there. Have a very nice day!


----------



## jrm@ (May 28, 2013)

adwsail said:
			
		

> What is the recommended tool for keeping the ports tree updated? svn? portsnap? portmaster?


You will mostly likely want to use portsnap() to keep your ports tree updated.  Using subversion is also possible. A nice way to keep ports/packages updated on your system is with portmaster (not included in the base OS).  A simple way to update from one release to the next is with freebsd_update().  If you want more control (e.g. to update to STABLE), you can update your source tree [url="http://www.freebsd.org/doc/en/articles/committers-guide/subversion-primer.html[/url]with subversion[/url] and build/install kernel/world.

I think the handbook covers all this.


----------



## ShelLuser (May 28, 2013)

adwsail said:
			
		

> Oh my, please let me clearly state, I like FreeBSD. I have been and continue to be a big proponent of FreeBSD.


The problem is basically the way you presented your case. Never underestimate the problems you can get into with writing up something in a specific way. The thing is; your initial post could just as easily be picked up in a negative manner; "What has happened to FreeBSD", as such hinting that a lot has changed for the worst and that it's now much less usable than it was "back in the day".

If you then present "newbie mistakes" then people will become cynical about your "criticism", and may even pick up your background as a mere excuse. Even if you didn't mean any of that.

It's easy to write things down, it's a lot harder to write it up in a way where other people will understand exactly what you meant to say.



			
				adwsail said:
			
		

> What is the recommended tool for keeping the ports tree updated? svn? portsnap? portmaster? I used to use cvsup but even the FreeBSD Handbook is not particularly clear on this.


Is it?

What's not clear about "_Download a snapshot using  # portsnap fetch_, _When downloading for the first time use  # portsnap extract to extract_, _After the first use you can update the Ports collection with  # portsnap fetch update._"?

This isn't a literal quote, but that's what it says. Also note that this is a serious question; stating that something is unclear isn't really helping. Share what it is you don't understand, that might actually help people to improve on the documentation.



			
				adwsail said:
			
		

> Which method also keeps kernel and base updated?


Well, there is a whole chapter in the handbook about this: Updating and upgrading FreeBSD. As someone else already mentioned; you want to look into freebsd-update.


----------



## jb_fvwm2 (May 29, 2013)

DutchDaemon said:
			
		

> If you have sources in /usr/src/secure, you should be able to `make all install clean` in there, which should give you a working /usr/sbin/sshd (OpenSSH_6.1p1).



Indeed, I did many sequential variations of that to enable a straight v6 > v9 upgrade to finally run to completion...


----------

