Ref: https://doc.pfsense.org/index.php/Remote_Config_Backup
The above mentioned page seems to advocate using wget with --no-check-certificate to poll the configuration from a pfSense box. This means a man in the middle can easily obtain the password of a user with access to the diag_backup page, which can also be used to restore the configuration and thus change virtually anything, including, I assume, granting himself better access. It also requires the credentials for pfSense to be stored in clear text remotely.
The discouraged "Push it" solution at the bottom of the page seems like a much better choice to me.
I also don't see why anyone should go through the hassle of setting up the web based config polling method when one could simply enable SSH login to pfSense and use a key without a passphrase to fetch the config. One is still storing the credentials, a key rather than a username and password, remotely, but at least this approach eliminates the man in the middle scenario and is less likely to break with a future update affecting the webpage.
Why not simply advocate the use of SSH without a passphrase for both directions? One could even add an additional user configured with an sshd_config ForceCommand directive to "cat" the config to prevent the saved key from doing anything other than dumping the config file. The same could be done for "push it", to immediately start writing to a server-specified timestamped file and allow no other commands to be run remotely as that user.
_______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
