This recipe describes how to enable the Secure Shell service in pfSense, thus making remote console login possible.

SSH is a networking protocol that allows encrypted communication between two nodes. Enabling SSH will allow you to gain access to the pfSense console remotely, as if you were at the console.

1. Navigate to System | Advanced.
2. In the Secure Shell section of the page, check the Enable Secure Shell checkbox:

3. With the current settings, you will be prompted for a username and password when logging into the console remotely. But by changing the SSHd Key Only setting to Public Key Only, you can set it so that only logins with a public key will be allowed. See the next recipe for details on how to generate an RSA public key.
4. Leave SSH port set to the default, port 22.
5. When you are done, click on the Save button.

Enabling Secure Shell in pfSense turns on pfSense’s internal SSH server, which causes pfSense to listen for login attempts on the SSH port (in this case, port 22).

Using RSA keys for SSH login is an effective way of securing your system. You can also change the SSH port; this should result in fewer unauthorized login attempts, though you will have to remember the new SSH port.

• The Generating authorized RSA keys recipe in this chapter
• The Enabling RSA key authentication recipe in this chapter