PFSense - Enable SSH

PFSense - Enable SSH

Jun 17, 2022 - 09:11
 0  920
PFSense - Enable SSH

PFSense - Enable SSH

Would you like to learn how to enable Pfsense SSH remote access? In this tutorial, we are going to show you all the steps required to enable the SSH service and configure the firewall to allow external connections to the TCP port 22.

• Pfsense 2.4.4-p3

PFSense - Enable SSH

Open a browser software, enter the IP address of your Pfsense firewall and access web interface.

In our example, the following URL was entered in the Browser:


The Pfsense web interface should be presented.Pfsense login

On the prompt screen, enter the Pfsense Default Password login information.

• Username: admin
• Password: pfsense

After a successful login, you will be sent to the Pfsense Dashboard.Pfsense dashboard

Access the Pfsense System menu and select the Advanced option.pfsense console login

On the Admin access tab, locate the Secure Shell configuration ares.

Select the option named Enable Secure Shell.pfsense enable ssh service

Click on the Save button to enable the SSH service immediately.

If you want to verify the SSH service status , acess the PFsense Status menu and select the Services option.pfsense ntopng services

Here, you are able to verify the status of all services from the Pfsense firewall.pfsense services

In our example, the SSHD service is up and running.

Congratulations! You have finished the Pfsense SSH service configuration.

PFSense - Allow SSH external connections

By default, the PFsense firewall does not allow external SSH connections to the WAN interface.

In our example we are going to create a firewall rule to allow the SSH communication.

Access the Pfsense Firewall menu and select the Rules option.pfsense firewall rule menu

Click on the Add button to add a rule to the Top of the list.pfsense add firewall rule

On the Firewall rule creation screen, perform the following configuration:

• Action - Pass
• Interface - WAN
• Address family - IPV4
• Protocol - TCPpfsense allow ssh external

On the Source configuration screen, you need to define the IP address that should be allowed to perform SSH communication with the Pfsense firewall.

In our example, any computer is able to perform SSH communication with the firewall.pfsense snmp firewall source

On the Firewall destination screen, perform the following configuration:

• Destination - Wan address
• Destination port range- From SSH (22) to SSH (22)pfsense ssh firewall

On the Firewall Extra options screen, you may enter a description to the firewall rule.pfsense ssh firewall configuration

Click on the Save button, you will be sent back to the Firewall configuration screen.

Now, you need to reload the firewall rules to apply the SSH configuration.

Click on the Apply changes button to reload the firewall configuration.Pfsense apply firewall rule

You have finished the PFsense firewall configuration to allow SSH communication using the WAN interface.

PFSense - Testing the SSH configuration

Use the following commands to test the Pfsense SSH communication from a computer running Ubuntu Linux:.Copy to Clipboard1




Keep in mind that you need to change the PFsense IP address to reflect your environment.

You may test the remote connection to the WAN interface and also to the LAN interface.

To test the Pfsense SSH configuration from a computer running Windows:

Download the last version of the PUTTY application, and test the communication using the following parametes:pfsense ssh putty windows

If you use older versions of the Putty software, you will not be able to connect to the PFsense firewall.

You have successfully performed a Pfsense SSH communication test.