Bobcares

Accessing pfSense SSH: Configuration and Set Up

by | Oct 10, 2022

We can access pfSense over SSH after a few simple configuration steps. With the support of our Server Management Support Services, let us learn more about how to access pfSense with SSH.

How to Remotely Access pfSense Using SSH?

SSH, also known as Secure Shell, is a reliable means of remotely accessing a pfSense router. The fundamental benefit of using SSH over other protocols such as telnet is security.

SSH traffic is fully encrypted, which prevents other users from reading it with sniffers or through man-in-the-middle attacks. SSH can also provide more than just a remote shell; it can securely transmit data and forward ports to a distant network.

Enable SSH via GUI

The following example will provide SSH access using only public key authentication, which is more secure than allowing access by password alone.

  • First, navigate to System > Advanced, Admin Access tab.
  • Next, check ‘Enable Secure Shell’. To allow only key-based SSH authentication, set SSHd Key Only to Public Key Only.
  • If the SSH daemon should listen on a port other than the default, enter a port number in SSH Port. If we leave this parameter blank, the daemon will use port 22.
  • Finally, click the Save button and move on to the next step in accessing pfSense with SSH.

SSH Keys and pfSense Access

After configuring the SSH daemon for key authentication, the keys defined on user accounts are put to use. Under System > User Manager, we can add keys to individual user accounts. The keys are shared by the admin and root users.

Enable SSH via Console

Connect to the terminal (VGA or Serial) and enable or disable SSH using option 14. Use the GUI as described above to alter the port number or key authentication choices.

SSH Daemon Security

With the default ruleset, SSH is accessible only to LAN clients. If SSH access is necessary for WAN clients, the best approach is to limit access to key-based authentication to minimize brute-force attacks.

Moving the daemon to a different port is also a good practice, but it is not sufficient protection.

If password authentication is active, we have to guarantee that all user accounts with shell access have strong passwords.

User Access

SSH access is restricted to the admin and root users by default. Additional, restricted users can be given the User – System – Shell account access privilege to allow them to log in over SSH.

Testing the Service Locally

The service should be operational at this point. We can try connecting with a client like PuTTY to test things out. PuTTY is a well-known (and free) SSH client that is easy to use. The application consists of only one file, Putty.exe.

After starting PuTTY, enter the LAN IP or hostname of the pfSense router in the host box at the top. If we configured the service to run on a different port, change the port to the one we specified in the settings.

Click the ‘Open’ button at the bottom of the window and PuTTY will connect to the server right away. A successful connection confirms that SSH access to pfSense works.
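One way to confirm from a client that the SSHd Key Only setting took effect, as an added example that is not part of the original article: the functions below read OpenSSH `ssh -v` debug output and report whether the daemon still offers password logins. The function names, the sample debug output and the `probe` arguments are assumptions made up for this illustration.

```shell
#!/bin/sh
# Added example: classify the authentication methods an SSH daemon advertises.

# Constructed sample debug output (not captured from a real firewall).
SAMPLE_KEY_ONLY='debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.'
SAMPLE_PASSWORD='debug1: Authentications that can continue: publickey,password,keyboard-interactive'

# Read `ssh -v` output on stdin and print the methods from the first
# "Authentications that can continue" line, one per line.
offered_methods() {
    sed -n 's/^debug1: Authentications that can continue: //p' |
        head -n 1 | tr -d '\r' | tr ',' '\n'
}

# Print one verdict: key-only, password-enabled, other-methods or unknown.
classify_auth() {
    methods=$(offered_methods)
    # No method list at all: connection refused, timeout, or host key
    # not yet trusted (BatchMode never accepts a new key by itself).
    [ -n "$methods" ] || { echo unknown; return 0; }
    verdict=key-only
    for m in $methods; do
        case "$m" in
            password|keyboard-interactive) echo password-enabled; return 0 ;;
            publickey) ;;
            *) verdict=other-methods ;;
        esac
    done
    echo "$verdict"
}

# Live check, usage: probe <host> [port]  (hypothetical helper).
# Offering no method makes the server list what it accepts; BatchMode
# guarantees that no password prompt ever appears.
probe() {
    ssh -v -p "${2:-22}" -o BatchMode=yes -o PreferredAuthentications=none \
        -o ConnectTimeout=5 "root@$1" true 2>&1 | classify_auth
}

# Offline demonstration on the constructed samples.
printf '%s\n' "$SAMPLE_KEY_ONLY" | classify_auth
printf '%s\n' "$SAMPLE_PASSWORD" | classify_auth
```

A `password-enabled` verdict means brute-force attempts are still possible against that listener, whichever port it runs on.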

The Console Menu

If the connection is successful, the server prompts for a username; enter root. The server then asks for a password, which is the same one the admin account uses to log in to the web interface.

To access the shell, select option number 8.

After logging in, the console menu will open up.

Conclusion

To conclude, we have now learned how to access pfSense remotely using SSH by enabling it in the console in a few simple steps put forth by our Server Management Support Services.
