This recipe describes how to create an authorized RSA key so a user can connect to pfSense without being prompted for a password.
Linux and Mac users will need to ensure ssh-keygen is installed on their system (almost all distributions have this installed by default). Windows users will need to download and install the PuTTYGen tool.
Generate an SSH key from a Linux/Mac Client as follows:
- Open a terminal and run:
ssh-keygen - Save the key to the default location of
/home/user/.ssh/and specify a pass code (optional, but recommended). - Your public key is now located at
/home/user/.ssh/id_rsa.pub.
Generate an SSH key from a Windows client using PuTTY as follows:
- Open PuTTYGen and generate a public/private key pair by clicking the Generate button.
- Enter a passphrase (optional, but recommended).
- Click the Save Private Key button and choose a location, such as
C:MyPrivateKey.ppk.
- Highlight the public key that was generated in the textbox and copy and paste it into a new file, let's say
C:MyPublicKey.txt. (Do not use the Save Public Key button, as that adds comments and other fields that are sometimes incompatible.)
RSA keys have become a standard for securing client/server connections for any service which chooses to take advantage of it. A client generates a key pair—a private key file and a public key file (an optional pass-phrase can be specified for enhanced security). Now, any server administrator can request that client's public key and add it to their system. The client can then securely authenticate without typing in a password.
RSA key authentication is most often associated with SSH access, and is often referred to as SSH keys but that is misleading. RSA keys are generic and not specific to SSH. Although SSH often uses them, RSA keys can be used by any type of service that chooses to support them, such as VPN, VoIP, FTP, and so on.