This brief guide will walk you through the steps to configure and enable SSH on FreeBSD. All steps provided below are tested on a freshly installed FreeBSD 13.1 system.
OpenSSH Server is installed by default on FreeBSD. But on a fresh FreeBSD system, remote SSH logins are not allowed. You must enable SSH access yourself to access your FreeBSD server via SSH from other systems on the network.
Enable SSH on FreeBSD
If you don't have created any normal users on your system yet, create one first.
For example, I am going to create an user named ostechnix using command:
You will be prompted to answer a couple questions, such user name, full name, login group name, login class, default shell etc. Mostly the default values are just fine. Press ENTER key to accept the defaults values and type your password twice.
Username: ostechnix Full name: Ostechnix Uid (Leave empty for default): Login group [ostechnix]: Login group is ostechnix. Invite ostechnix into other groups? : Login class [default]: Shell (sh csh tcsh nologin) [sh]: Home directory [/home/ostechnix]: Home directory permissions (Leave empty for default): Use password-based authentication? [yes]: Use an empty password? (yes/no) [no]: Use a random password? (yes/no) [no]: Enter password: Enter password again: Lock out the account after creation? [no]: Username : ostechnix Password : ***** Full Name : Ostechnix Uid : 1001 Class : Groups : ostechnix Home : /home/ostechnix Home Mode : Shell : /bin/sh Locked : no OK? (yes/no): yes adduser: INFO: Successfully added (ostechnix) to the user database. Add another user? (yes/no): no Goodbye!
Next, edit /etc/rc.conf file:
# vi /etc/rc.conf
Add the following line at the end:
Hit ESC and type :wq to save and quit the file.
Finally, start SSH service:
# /etc/rc.d/sshd start
Done! Now you can access your FreeBSD server via SSH from any system on the network like below.
$ ssh email@example.com
Replace firstname.lastname@example.org in the above command with your user name and IP address.
As you may already know, when you SSH into a FreeBSD server for the first time, you will be prompted to verify the server's fingerprint. Simply type Yes to continue and type the password of the user.
FreeBSD 13.1-RELEASE releng/13.1-n250148-fc952ac2212 GENERIC Welcome to FreeBSD! Release Notes, Errata: https://www.FreeBSD.org/releases/ Security Advisories: https://www.FreeBSD.org/security/ FreeBSD Handbook: https://www.FreeBSD.org/handbook/ FreeBSD FAQ: https://www.FreeBSD.org/faq/ Questions List: https://lists.FreeBSD.org/mailman/listinfo/freebsd-questions/ FreeBSD Forums: https://forums.FreeBSD.org/ Documents installed with the system are in the /usr/local/share/doc/freebsd/ directory, or can be installed later with: pkg install en-freebsd-doc For other languages, replace "en" with a language code like de or fr. Show the version of FreeBSD installed: freebsd-version ; uname -a Please include that output and any error messages when posting questions. Introduction to manual pages: man man FreeBSD directory layout: man hier To change this login announcement, see motd(5). Forget when Easter is? Try "ncal -e". If you need the date for Orthodox Easter, use "ncal -o" instead. -- Dru <email@example.com> ostechnix@freebsd:~ $
Enable SSH Root access in FreeBSD
By default, SSH root login is disabled for security purposes on FreeBSD. So, you can't access your FreeBSD server via SSH as root user. It is strongly recommended to leave SSH root login disabled and use a non-privileged user and allow SSH access to that user as described above.
If you still want to allow SSH access to the root user for any reason, do the following.
Edit /etc/ssh/sshd_config file:
# vi /etc/ssh/sshd_config
Find the following line:
Uncomment it by removing the hash (#) symbol and change it's value to yes like below:
Save and quit the file. Restart SSH service using command:
# /etc/rc.d/sshd restart
Now you can be able to login via SSH as root user from any system on the network using command.
# ssh firstname.lastname@example.org
Again, enabling SSH access for root account is not recommended. I strongly suggest you to use a non-privileged user and leave SSH root login disabled.