SSH auxiliary parameters formatting

cjb · April 30, 2024, 6:07pm

Hi, I’m trying to increase the number of allowed simultaneous SSH connections. I found this page that tells me to set the ClientMaxStartup value in the auxiliary parameters. However any change I make to these parameters results in an “SSH service failed to start” error. I’ve tried a number of different formatting possibilities, nothing works. Can someone help me with how I’m supposed to format the settings? Thanks!

dan · April 30, 2024, 6:43pm

The “aux parameters” I’ve used have been in the same format as in the sshd.conf file:

# Path to the CA public key for verifying user certificates
TrustedUserCAKeys /mnt/tank/ssh_certs/ssh_user_key.pub
# Path to this host's private key and certificate
HostKey /mnt/tank/ssh_certs/ssh_host_ecdsa_key2
HostCertificate /mnt/tank/ssh_certs/ssh_host_ecdsa_key2-cert.pub

cjb · April 30, 2024, 6:47pm

Thanks dan. I tried that, but it doesn’t work. Here’s my full aux list for reference:

Ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
ClientMaxStartup 10

Adding that second line breaks things.

cjb · April 30, 2024, 6:54pm

Ok, I think I figured it out. The problem is “ClientMaxStartup” is not a valid parameter. Perhaps there’s a mistake on the page I linked. I found another page that references the “MaxStartups” parameter, and when I add it I no longer get SSH errors on startup.

Thanks dan for confirming my formatting was right, it helped me narrow in on the problem.

Ehsanghasemi63 · December 22, 2025, 7:34pm

Hi @dan
I saw that you used your own ssh key and then cert. would it be possible if you could comment on my auxiliary config by which I could not start ssh service up? i appreciate your help. there is nothing before or after these below three lines in auxiliary textbox.

HostKey /etc/ssh/ssh_host_ed25519_key
HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub
HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-ed25519

dan · December 22, 2025, 8:23pm

In a subsequent release of TrueNAS (I think it was 25.04), the “aux parameters” are put into a different section of the sshd.conf file, resulting in the key/cert not working.

Ehsanghasemi63 · December 22, 2025, 8:31pm

exactly @dan
very correct. whatever I add to auxiliary textbox goes to the end of sshd.conf file and worse is if I created a user, the auxiliary config will be added to the last block which is the user i created.
is there any solution to fix it or use my own ssh host certificates?

dan · December 22, 2025, 8:36pm

The only one I know of is for iX to un-break it.

Ehsanghasemi63 · December 22, 2025, 8:38pm

is there a document or guide or URL so i read and learn what is iX and how to un-break it?

dan · December 22, 2025, 8:38pm

iX is iXSystems, the company behind TrueNAS. You can report a bug using the link at the top of the page if you like.

Ehsanghasemi63 · December 22, 2025, 8:44pm

thank you so much @dan

Topic		Replies	Views
TrueNAS Core SSH Cipher TrueNAS General CORE	5	228	July 1, 2024
SSH won't start how to resolve? TrueNAS General SCALE	2	112	July 8, 2025
SSH Fails to start after 25.04.1 Update TrueNAS General SCALE	3	106	June 4, 2025
After updating SCALE, ssh service no longer starts TrueNAS General SCALE	6	124	June 13, 2025
TrueNAS Scale SSH password not working for users other than admin TrueNAS General SCALE , SSH	15	1085	January 14, 2025

SSH auxiliary parameters formatting

Related topics