pfSense 2 Cookbook

By : Matt Williamson, Matthew D Williamson
Overview of this book

pfSense is an open source, FreeBSD-based firewall distribution that provides a platform for flexible and powerful routing and firewalling. The versatility of pfSense presents us with a wide array of configuration options, which makes determining requirements a little more difficult and a lot more important, compared to other offerings. Through this book you will see that pfSense offers numerous alternatives to fit any environment's security needs. pfSense 2.0 Cookbook is the first and only book to explore all the features of pfSense, including those released in the latest 2.0 version. With the help of step-by-step instructions and detailed screenshots of the pfSense interface you will be able to configure every general and advanced feature from creating a firewall rule to configuring multi-WAN failover. Each recipe includes tips and offers advice on variations of the topic or references to other related recipes and additional information that can be found in other sources. pfSense 2.0 Cookbook covers the gamut of available features and functionality. The first three chapters will take you from a non-existent system to a basic pfSense firewall. The next chapter focuses on configuring any number of the VPN services available, a very important and sought-after feature for anyone implementing a firewall. The following two chapters describe how to configure the most advanced features available in pfSense; features that may only be relevant to the most experienced network admins. Chapter 7 is dedicated to understanding and configuring the "grab-bag" of features that are available in pfSense, but are often stand-alone options and unrelated to each other. The first appendix explains how to use the status monitoring tools available for many of the features. The second appendix wraps up by helping you decide how and where pfSense may be incorporated into your system and what type of hardware is required based on your throughput needs.

Generating authorized RSA keys


This recipe describes how to create an authorized RSA key so a user can connect to pfSense without being prompted for a password.

Getting ready

Linux and Mac users will need to ensure ssh-keygen is installed on their system (almost all distributions have this installed by default). Windows users will need to download and install the PuTTYGen tool.

How to do it...

Generate an SSH key from a Linux/Mac client as follows:

  1. Open a terminal and run:

    ssh-keygen
    
  2. Save the key to the default location of /home/user/.ssh/ and specify a passphrase (optional, but recommended).

  3. Your public key is now located at /home/user/.ssh/id_rsa.pub.

Generate an SSH key from a Windows client using PuTTY as follows:

  4. Open PuTTYGen and generate a public/private key pair by clicking the Generate button.

  5. Enter a passphrase (optional, but recommended).

  6. Click the Save Private Key button and choose a location, such as C:\MyPrivateKey.ppk.

  7. Highlight the public key that was generated in the textbox and copy and paste it into a new file, let's say C:\MyPublicKey.txt. (Do not use the Save Public Key button, as that adds comments and other fields that are sometimes incompatible.)
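The caveat in step 7 can be checked before a public key is handed to a server administrator. The following Python sketch is an added example, not code from the book or from pfSense: it accepts only the one-line `<type> <base64> [comment]` form, rejects the multi-line export with header fields, and reports the RSA modulus size. The function names are hypothetical and the sample key is constructed for illustration and is not a usable key.

```python
import base64
import struct

def _field(data):
    """Encode one SSH wire field: uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def _read_field(blob, off):
    """Decode one length-prefixed field; return (bytes, next_offset)."""
    if off + 4 > len(blob):
        raise ValueError("truncated key data")
    (size,) = struct.unpack(">I", blob[off:off + 4])
    end = off + 4 + size
    if end > len(blob):
        raise ValueError("truncated key data")
    return blob[off + 4:end], end

def make_sample_line(bits=2048):
    """Constructed sample: correct layout, but the modulus is not a real key."""
    n = (1 << (bits - 1)) | 1
    n_bytes = b"\x00" + n.to_bytes(bits // 8, "big")  # leading zero keeps mpint positive
    blob = _field(b"ssh-rsa") + _field(b"\x01\x00\x01") + _field(n_bytes)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " user@example"

def check_public_key(text):
    """Return (key_type, rsa_bits) for a one-line public key, else raise ValueError."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if lines and lines[0].startswith("---- BEGIN SSH2 PUBLIC KEY"):
        raise ValueError("multi-line export with header fields, not the one-line form")
    if len(lines) != 1:
        raise ValueError("expected exactly one line")
    parts = lines[0].split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = parts[0], parts[1]
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError as exc:  # binascii.Error subclasses ValueError
        raise ValueError("key data is not valid base64") from exc
    label, off = _read_field(blob, 0)
    if label != key_type.encode():
        raise ValueError("key type label does not match the key data")
    if key_type != "ssh-rsa":
        return key_type, None
    _exponent, off = _read_field(blob, off)
    modulus, _ = _read_field(blob, off)
    return key_type, int.from_bytes(modulus, "big").bit_length()

if __name__ == "__main__":
    print(check_public_key(make_sample_line()))  # constructed sample
```

A key that was wrapped across lines or cut short during copy and paste fails the same check, which is the usual cause of a key that silently does not authenticate.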

How it works...

RSA keys have become a standard for securing client/server connections for any service that chooses to take advantage of them. A client generates a key pair: a private key file and a public key file (an optional passphrase can be specified for enhanced security). Any server administrator can then request that client's public key and add it to their system, after which the client can securely authenticate without typing in a password.

There's more...

RSA key authentication is most often associated with SSH access, and the keys are often referred to as SSH keys, but that is misleading. RSA keys are generic and not specific to SSH. Although SSH often uses them, RSA keys can be used by any type of service that chooses to support them, such as VPN, VoIP, FTP, and so on.

See also

  • The Enabling the Secure Shell (SSH) recipe

  • The Configuring SSH RSA key authentication recipe