On 2011-05-19 12:41, Mehma Sarja wrote:
> Never had the need nor opportunity to admin a box remotely - so this
> question may be as trivial as ssh in and maintain pf.conf and
> config.xml. Any experiences?

Trying to maintain config.xml over SSH is not very fun, although it is
possible. I vaguely remember there being some command that will spawn an
editor on config.xml, and then save it persistently, reloading the
configuration when the editor exited. I might have dreamed that, though.

Assuming you don't have a VPN, what you want to do instead is to tunnel
HTTP or HTTPS over SSH. From a Linux machine you'd do something like:

    ssh -L 10080:localhost:80 pfsense-box.example.net

After you're authenticated, pointing your web browser at
http://localhost:10080 will let you remotely manage the pfSense box. On
a Windows box you can substitute PuTTY for the ssh client; it'll let you
do the same thing through a pointy-clicky GUI.

Exposing ssh publicly can be fine as long as you take basic precautions -
have a strong password set up for all your users that can ssh into the
machine for one, and I would recommend using a non-standard port for SSH
and, if practical, setting up the firewall to filter out which IP
addresses are permitted to connect to the machine. Requiring SSH keys
for access would also be a good idea, depending on your balance between
security and usability.
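
A check for the sshd-side precautions named in the message above (non-standard port, key-based logins), as an added example that is not part of the original post or of pfSense. The function name `audit_sshd` and both sample configurations are constructed for illustration; the input is assumed to be sshd_config text or the output of `sshd -T`.

```shell
#!/bin/sh
# Added example. audit_sshd reads sshd settings on stdin (sshd_config text or
# "sshd -T" output) and prints one finding per unmet precaution; no output
# means every check passed. Assumes whitespace-separated "Keyword value" lines;
# Include files and Match blocks are not evaluated.
audit_sshd() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
        { key = tolower($1) }                  # keywords are case-insensitive
        key == "match" { exit }                # stop at conditional blocks (END still runs)
        key == "port" { nports++; if ($2 == "22") p22 = 1; next }   # Port may repeat
        !(key in val) { val[key] = tolower($2) }   # first value wins, as in sshd
        END {
            # OpenSSH defaults apply when a keyword is absent.
            pw = ("passwordauthentication" in val) ? val["passwordauthentication"] : "yes"
            pk = ("pubkeyauthentication" in val) ? val["pubkeyauthentication"] : "yes"
            if (nports == 0 || p22) print "port: sshd listens on the default port 22"
            if (pw != "no")  print "password: PasswordAuthentication is not set to no"
            if (pk != "yes") print "pubkey: PubkeyAuthentication is not set to yes"
        }'
}

# Constructed sample: key-only logins on a non-standard port.
HARDENED='Port 2222
passwordauthentication NO
PubkeyAuthentication yes'

# Constructed sample: the hardening line is commented out, so defaults apply.
DEFAULTS='# PasswordAuthentication no
UsePAM yes'

echo "hardened sample:"; printf '%s\n' "$HARDENED" | audit_sshd
echo "default sample:";  printf '%s\n' "$DEFAULTS" | audit_sshd
```

The source-address restriction mentioned in the message is enforced by the firewall rules rather than by sshd, so it is outside what this check can see.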