Book Image

pfSense 2.x Cookbook - Second Edition

By : David Zientara
Book Image

pfSense 2.x Cookbook - Second Edition

By: David Zientara

Overview of this book

pfSense is an open source distribution of the FreeBSD-based firewall that provides a platform for ?exible and powerful routing and firewalling. The versatility of pfSense presents us with a wide array of configuration options, which makes determining requirements a little more difficult and a lot more important compared to other offerings. pfSense 2.x Cookbook – Second Edition starts by providing you with an understanding of how to complete the basic steps needed to render a pfSense firewall operational. It starts by showing you how to set up different forms of NAT entries and firewall rules and use aliases and scheduling in firewall rules. Moving on, you will learn how to implement a captive portal set up in different ways (no authentication, user manager authentication, and RADIUS authentication), as well as NTP and SNMP configuration. You will then learn how to set up a VPN tunnel with pfSense. The book then focuses on setting up traffic shaping with pfSense, using either the built-in traffic shaping wizard, custom ?oating rules, or Snort. Toward the end, you will set up multiple WAN interfaces, load balancing and failover groups, and a CARP failover group. You will also learn how to bridge interfaces, add static routing entries, and use dynamic routing protocols via third-party packages.
Table of Contents (18 chapters)
Title Page
Copyright and Credits
About Packt
Contributors
Preface
Index

Configuring SSH RSA key authentication


This recipe describes how to configure pfSense to use an RSA key rather than a username/password combination for authentication.

Getting ready

Make sure you have enabled SSH access and generated an RSA key (if you completed the last two recipes, you have).

How to do it...

  1. Navigate toSystem | Advanced.
  2. Make sureSSHd Key Onlyis set toPublic Key Only:
  1. Navigate toSystem | User Manager. Click on theUserstab (it should be selected by default).
  2. Click on theEditicon (the pencil) for the admin account.
  3. In the Keyssection, paste the client's public RSA key (that can be the RSA key you created in the previous recipe). When pasted, the key should appear as a single line. Make sure your text editor does not insert any line feeds, or authentication may fail:
  1. When done, click on the Save button.

How it works...

When you connect using an SSH client, instead of asking for a username and password, the SSH server will now use your public RSA key to send a challenge to you. The challenge can only be read if you have the matching private RSA key.

There’s more...

RSA private keys can also be stored encrypted to the client’s computer.The SSH client will prompt you for the decryption password. Once entered, it will be able to use the private key for authentication.

See also

  • TheEnabling SSH accessrecipe
  • TheGenerating authorized RSA keysrecipe
  • TheAccessing the SSH recipe