FreeBSD - Enable SSH Connections

freebsd_enable_sshd_daemon_using_sudo FreeBSD - Enable SSH Connections

What is SSH server?   

OpenSSH is the premier connectivity tool for remote login with the SSH protocol. It encrypts all traffic to eliminate eavesdropping, connection hijacking, and other attacks. In addition, OpenSSH provides a large suite of secure tunneling capabilities, several authentication methods, and sophisticated configuration options.

What is SUDO?

sudo allows a permitted user to execute a command as the superuser or another user, as specified by the security policy. The invoking user's real (not effective) user ID is used to determine the user name with which to query the security policy.

sudo supports a plugin architecture for security policies and input/output logging. Third parties can develop and distribute their own policy and I/O logging plugins to work seamlessly with the sudo front end. The default security policy is sudoers, which is configured via the file /etc/sudoers, or via LDAP.


System Used 

FreeBSD 11.2-RELEASE (GENERIC) #0 r335510: Fri Jun 22 04:32:14 UTC 2018 


Requirements 

 FreeBSD installed and properly configured


How to Install & Enable SSH 

Enable SSH server and allow connections to default port 22 using below command. The command below inserts sshd_enable="YES" into the rc.conf file which enables SSHD at startup/boot time 

 Now let's start SSH server by typing below command

 How to verify port 22 on IPv4 is enabled after a reboot or restart of sshd service.

 Checking IPv6 below.

 You can also use sockstat to get listening port information

 IPv4 sockstat command

 IPv6 sockstat command.


Enabling Root Login 

Warning, you should never enable the root account unless it's for some special reason. Example: In a secure or test environment you would type the below. 

Add the below line to your /etc/ssh/sshd_config file: 

# Authentication:

PermitRootLogin yes
#LoginGraceTime 2m
#PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

Now restart sshd service, see above for command 


Enable Sudo Instead of Enabling Root Logins to SSH 

Installing and configuring sudo on FreeBSD

 Now edit the line below to add a user called for example John Doe, Login name jdoe to the sudo users that can login

Now add the line if you plan on giving yourself all commands with root permissions 

##
## Runas alias specification
##

##
## User privilege specification
##
root ALL=(ALL) ALL
jdoe ALL=(ALL) ALL

## Uncomment to allow members of group wheel to execute any command
# %wheel ALL=(ALL) ALL

## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL

## Uncomment to allow members of group sudo to execute any command
# %sudo ALL=(ALL) ALL

Now jdoe has sudo rights to run root permission commands through sudo command 

Now jdoe can modify files and save them as root, then run service commands such as sshd daemons.



Font size: +
Report Print

By accepting you will be accessing a service provided by a third-party external to https://www.klokur.com/