Setting Up and Securing SSH on FreeBSD 13: A Comprehensive Guide
Here will guide you through the process of enabling SSH on your FreeBSD 13 system, configuring the appropriate firewall rules to allow inbound connections, and changing the default SSH port for enhanced security.
Prerequisites
- A FreeBSD 13 system with root privileges
Step 1: Update the System
Before you start, make sure your system is up to date. Open a terminal window and run the following commands:
pkg update
pkg upgradeStep 2: Enable the SSH Service
To enable SSH on your FreeBSD system, edit the /etc/rc.conf file using a text editor like vi or ee:
sudo vi /etc/rc.confAdd the following line to the file:
sshd_enable="YES"Save the file and exit the text editor.
Step 3: Start the SSH Service
Start the SSH service with the following command:
sudo service sshd startStep 4: Configure Firewall Rules for SSH
By default, FreeBSD uses PF (Packet Filter) as its firewall. First, create a backup of the original PF configuration file:
sudo cp /etc/pf.conf /etc/pf.conf.bakNext, open the PF configuration file using a text editor:
sudo vi /etc/pf.confAdd the following lines to allow inbound SSH connections:
pass in on $ext_if proto tcp from any to any port 22 flags S/SA keep stateSave the file and exit the text editor.
Step 5: Enable and Start the PF Firewall
Edit the /etc/rc.conf file again to enable the PF firewall:
sudo vi /etc/rc.confAdd the following line to the file:
pf_enable="YES"Save the file and exit the text editor.
Start the PF firewall with the following command:
sudo service pf startStep 6: Change the Default SSH Port
In this example, we'll change the default SSH port from 22 to 33556. You can choose a different port number if you prefer, but make sure it's not already in use by another service.
First, create a backup of the original SSH configuration file:
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bakNext, open the SSH configuration file using a text editor:
sudo vi /etc/ssh/sshd_configFind the line that starts with #Port 22 and change it to the desired port number. Remove the # at the beginning of the line to uncomment it. For example:
Port 33556Save the file and exit the text editor.
Step 7: Configure Firewall Rules for the Custom SSH Port
Update the firewall rules to allow inbound connections on the custom SSH port. First, delete the previous SSH rule:
Edit the PF configuration file again:
sudo vi /etc/pf.confRemove the previous SSH rule:
pass in on $ext_if proto tcp from any to any port 22 flags S/SA keep stateAdd a new rule for the custom SSH port:
pass in on $ext_if proto tcp from any to any port 33556 flags S/SA keep stateSave the file and exit the text editor.
Restart the PF firewall to apply the new rules:
sudo service pf restartStep 8: Restart the SSH Service
Restart the SSH service to apply the changes with the following command:
sudo service sshd restartStep 9: Verify the Custom SSH Port
You can verify that the SSH service is listening on the custom port by running the following command:
sudo sockstat -4 -l | grep sshThe output should display the new port number (e.g., 33556) in the "Local Address" column.
Step 10: Connect to the Custom SSH Port
To connect to your FreeBSD system via SSH on the custom port, use the following command from a remote machine (replace username with your actual username, and 10.20.30.40 with the IP address of your FreeBSD system):
ssh -p 33556 username@10.20.30.40Celebrate!
You have now successfully set up and secured SSH on your FreeBSD 13 system. You've enabled the SSH service, configured the appropriate firewall rules to allow inbound connections, and changed the default SSH port to enhance security. With these changes in place, you can remotely manage your FreeBSD system with confidence.
Remember to always keep your system up to date and monitor the security of your SSH service to maintain a secure environment.