Setting Up and Securing SSH on FreeBSD 13: A Comprehensive Guide
This guide walks you through enabling SSH on your FreeBSD 13 system, configuring the appropriate firewall rules to allow inbound connections, and changing the default SSH port for enhanced security.
Prerequisites
- A FreeBSD 13 system with root privileges
Step 1: Update the System
Before you start, make sure your system is up to date. Open a terminal window and run the following commands:
pkg update
pkg upgrade
Step 2: Enable the SSH Service
To enable SSH on your FreeBSD system, edit the /etc/rc.conf file using a text editor like vi or ee:
sudo vi /etc/rc.conf
Add the following line to the file:
sshd_enable="YES"
Save the file and exit the text editor.
Step 3: Start the SSH Service
Start the SSH service with the following command:
sudo service sshd start
Step 4: Configure Firewall Rules for SSH
By default, FreeBSD uses PF (Packet Filter) as its firewall. First, create a backup of the original PF configuration file:
sudo cp /etc/pf.conf /etc/pf.conf.bak
Next, open the PF configuration file using a text editor:
sudo vi /etc/pf.conf
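Add the following line to allow inbound SSH connections. The rule refers to the macro $ext_if, which must be defined earlier in pf.conf as the name of your external network interface: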
pass in on $ext_if proto tcp from any to any port 22 flags S/SA keep state
Save the file and exit the text editor.
Step 5: Enable and Start the PF Firewall
Edit the /etc/rc.conf file again to enable the PF firewall:
sudo vi /etc/rc.conf
Add the following line to the file:
pf_enable="YES"
Save the file and exit the text editor.
Start the PF firewall with the following command:
sudo service pf start
Step 6: Change the Default SSH Port
In this example, we'll change the default SSH port from 22 to 33556. You can choose a different port number if you prefer, but make sure it's not already in use by another service.
First, create a backup of the original SSH configuration file:
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
Next, open the SSH configuration file using a text editor:
sudo vi /etc/ssh/sshd_config
Find the line that starts with #Port 22 and change it to the desired port number. Remove the # at the beginning of the line to uncomment it. For example:
Port 33556
Save the file and exit the text editor.
Step 7: Configure Firewall Rules for the Custom SSH Port
Update the firewall rules to allow inbound connections on the custom SSH port. Edit the PF configuration file again:
sudo vi /etc/pf.conf
Remove the previous SSH rule:
pass in on $ext_if proto tcp from any to any port 22 flags S/SA keep state
Add a new rule for the custom SSH port:
pass in on $ext_if proto tcp from any to any port 33556 flags S/SA keep state
Save the file and exit the text editor.
Restart the PF firewall to apply the new rules:
sudo service pf restart
Step 8: Restart the SSH Service
Restart the SSH service to apply the changes with the following command:
sudo service sshd restart
Step 9: Verify the Custom SSH Port
You can verify that the SSH service is listening on the custom port by running the following command:
sudo sockstat -4 -l | grep ssh
The output should display the new port number (e.g., 33556) in the "Local Address" column.
Step 10: Connect to the Custom SSH Port
To connect to your FreeBSD system via SSH on the custom port, use the following command from a remote machine (replace username with your actual username, and 10.20.30.40 with the IP address of your FreeBSD system):
ssh -p 33556 username@10.20.30.40
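Steps 6 through 8 only work together if the port set in sshd_config and the port in the pf.conf pass rule agree. The following pre-flight check is an added example, not part of the original guide; its function names are made up for illustration, and it parses only the single-port rule form shown in Steps 4 and 7 (no port macros, lists or ranges).

```sh
#!/bin/sh
# Added example, not from the original guide: checks that the port set in
# sshd_config (Step 6) matches the pass rule in pf.conf (Step 7).

# Ports sshd will bind: each uncommented "Port N" line, else the default 22.
sshd_ports() {
    ports=$(awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2 }' "$1")
    if [ -n "$ports" ]; then printf '%s\n' "$ports"; else echo 22; fi
}

# Ports opened by inbound TCP pass rules of the form used in this guide:
#   pass in on $ext_if proto tcp from any to any port 33556 flags S/SA keep state
pf_pass_ports() {
    awk '$1 == "pass" && $2 == "in" && /proto tcp/ {
        for (i = 3; i < NF; i++)
            if ($i == "port" && $(i + 1) ~ /^[0-9]+$/) print $(i + 1)
    }' "$1"
}

# Usage: check_ssh_port_sync SSHD_CONFIG PF_CONF
# Returns 0 when in sync, 1 when sshd's port is not passed (lockout risk),
# 2 when pf still passes a port sshd does not use (e.g. the old port 22).
check_ssh_port_sync() {
    listening=$(sshd_ports "$1")
    opened=$(pf_pass_ports "$2")
    rc=0
    for p in $opened; do
        if ! printf '%s\n' "$listening" | grep -qx "$p"; then
            echo "review: pf.conf passes tcp/$p but sshd_config does not use it"
            rc=2
        fi
    done
    for p in $listening; do
        if ! printf '%s\n' "$opened" | grep -qx "$p"; then
            echo "lockout risk: sshd uses tcp/$p but pf.conf has no pass rule"
            rc=1
        fi
    done
    return $rc
}

# Run against real files when two paths are given on the command line.
if [ "$#" -eq 2 ]; then
    check_ssh_port_sync "$1" "$2"
fi
```

Saved under a name of your choice, it is run as sh SCRIPT /etc/ssh/sshd_config /etc/pf.conf before the restarts in Steps 7 and 8. The commands sshd -t and pfctl -nf /etc/pf.conf additionally check each file's syntax without applying it.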
Celebrate!
You have now successfully set up and secured SSH on your FreeBSD 13 system. You've enabled the SSH service, configured the appropriate firewall rules to allow inbound connections, and changed the default SSH port to enhance security. With these changes in place, you can remotely manage your FreeBSD system with confidence.
Remember to always keep your system up to date and monitor the security of your SSH service to maintain a secure environment.