This recipe describes how to configure pfSense to use an RSA key rather than a username/password combination for authentication.

Make sure you have enabled SSH access and generated an RSA key (if you completed the last two recipes, you have).

1. Navigate to System | Advanced.
2. Make sure SSHd Key Only is set to Public Key Only:

3. Navigate to System | User Manager. Click on the Users tab (it should be selected by default).
4. Click on the Edit icon (the pencil) for the admin account.
5. In the Keys section, paste the client's public RSA key (that can be the RSA key you created in the previous recipe). When pasted, the key should appear as a single line. Make sure your text editor does not insert any line feeds, or authentication may fail:

6. When done, click on the Save button.

When you connect using an SSH client, instead of asking for a username and password, the SSH server will now use your public RSA key to send a challenge to you. The challenge can only be read if you have the matching private RSA key.

RSA private keys can also be stored encrypted to the client’s computer. The SSH client will prompt you for the decryption password. Once entered, it will be able to use the private key for authentication.

• The Enabling SSH access recipe
• The Generating authorized RSA keys recipe
• The Accessing the SSH recipe