Safely adding SSH users to pfSense

Posted by Goyuix on Server Fault See other posts from Server Fault or by Goyuix
Published on 2012-10-19T16:32:52Z Indexed on 2012/10/19 17:03 UTC
Read the original article Hit count: 693

Filed under:

ssh

|

pfsense

I would like to add a user for myself to login via SSH to a pfSense box. I don't want to just blindly go through the adduser command and inadvertently break something / open a vulnerability somewhere though. Looking at the config page in the WebUI:

pfSense Secure Shell Config Options

I can't find where to add users or to specify their keys. What is the right way to add users that can use SSH? Can I also safely use the AllowUsers directive to keep tighter control of those allowed to login via SSH?

Bonus: I would also like to disable root from being able to login via SSH. I can see the option PermitRootLogin in the /etc/ssh/sshd_config file, though I don't necessarily want to modify it directly as I could potentially lose those changes with updates/patches or changes through the WebUI. Thoughts?

© Server Fault or respective owner

Related posts about ssh

Problem with hadoop start-dfs.sh

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I installed and configured hadoop on my Ubuntu 14.04 server, virtualized inside of hyper-v, however I am getting an issue when i run start-dfs.sh root@sUbuntu01:/var/log# start-dfs.sh 14/06/04 15:27:08 WARN util.NativeCodeLoader: Unable to load native-hadoop library for your platform... using builtin-java… >>> More
SSH problems (ssh_exchange_identification: read: Connection reset by peer)

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I was running 11.10 and decided to do the full upgrade and come up to 12.04 after the update SSH (not SSHD) is now misbehaving when attempting to connect to other OpenSSH instances. I say OpenSSH as I am running a DropBear sshd on my router and I am able to connect to it. When attempting to connect… >>> More
SSH main process ended

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have a running ubuntu server 10.04.1. When I tried to login to the server via ssh, I could not. Instead, I got connection refused error. I tried to ping the machine and I got reply! So, the clear reason is that SSH daemon is stopped. After reboot, I was able to login to my server via ssh. After… >>> More
SSH server not working (respawns until stopped)

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have a running Ubuntu Server 10.04.1. When I tried to login to the server via ssh, I could not. Instead, I got connection refused error. I tried to ping the machine and I got reply! So, the clear reason is that SSH daemon is stopped. After reboot, I was able to login to my server via ssh. After… >>> More
Cannot SSH after resetting firewall on VPS

as seen on Server Fault - Search for 'Server Fault'
I'm having trouble trying to SSH to my Debian 5 VPS with blacknight. It was working fine until I did the following: Logged into 'Parallels Infrastructure Manager' - Container - Firewall - Set to 'Normal Firewall settings'. It told me there was an error with the IPTables and offered the option again… >>> More

Related posts about pfsense

Using pfSense, OpenVPN Connects but Still Can't See the Network

as seen on Super User - Search for 'Super User'
I am having an OpenVPN issue. I have a pfSense box at home configured to allow traffic through a VPN tunnel. The client computer is Windows XP Home, behind a standard Comcast connection and a Netgear wireless router. I use OpenVPN to access my work network (from where I am trying to get out of… >>> More
Ierrs on Network Interface - Pfsense/Freebsd

as seen on Server Fault - Search for 'Server Fault'
Hello all, We're using PfSense as an internal router/firewall (no connection to WAN). Using the Web-GUI, under Status --- Interfaces, there's one particular interface where I have some errors: In/out errors 3513/0 I then SSHed to the firewall to validate the info provided by the WebGUI and… >>> More
pfSense Firewall or Linsys/Cisco router for small offices

as seen on Server Fault - Search for 'Server Fault'
I'm about to start switching some networks around for multiple small offices. Each office has about 10 to 15 users and 10 to 15 computers. Each office has a spread of generic routers and access points. The routers vary from being used as routers, to just being an access point for wireless. Nothing… >>> More
Per client DNS server assignment using Pfsense

as seen on Server Fault - Search for 'Server Fault'
I have a network where pfsense is the gateway. There are two sets of clients that I want. One where there will be some restrictions to the network (example, IM being blocked) and one network where there are no restrictions. One easy way I thought about doing this was assigning the different domains… >>> More
Route specific HTTP requests through pfSense OpenVPN

as seen on Server Fault - Search for 'Server Fault'
Hi, to start, I have very little knowledge on routes, iptables, etc. That said, here's what I'm trying to accomplish and where I think I'm stumped: Problem: We have an external website which we recently firewalled so it only accepts traffic from our office IP addresses. This works well at the office… >>> More