I would like to add a user for myself to login via SSH to a pfSense box. I don't want to just blindly go through the adduser
command and inadvertently break something / open a vulnerability somewhere though. Looking at the config page in the WebUI:
I can't find where to add users or to specify their keys. What is the right way to add users that can use SSH? Can I also safely use the AllowUsers directive to keep tighter control of those allowed to login via SSH?
Bonus: I would also like to disable root from being able to login via SSH. I can see the option PermitRootLogin in the /etc/ssh/sshd_config file, though I don't necessarily want to modify it directly as I could potentially lose those changes with updates/patches or changes through the WebUI. Thoughts?
Are you using an older version of pfsense? In 2.0+, users are maintained under System->User Manager ( 192.168.x.1/system_usermanager.php ). When you add a new user you can also paste in an authorized key for SSH. There's also a SSHDCond package that "acts as an access list frontend for ssh connections", although I have not tried it myself (and it's listed as Beta).