# Setup

First time:

```sh
su -
```

Do a system update:

```sh
freebsd-update fetch install
```

Update

```sh
pkg update
```

Install my favorite packages

```sh
pkg install -y bash sudo tmux htop neovim git ncdu bastille tailscale aria2
```

Add "wheel" to the suoers file:

```sh
visudo
```

Change shell

```sh
chsh -s /usr/local/bin/bash
```

Tailscale

```sh
service tailscaled enable 
service tailscaled start
tailscale up
```

# SSH

```sh
nvim /etc/ssh/sshd_config
```

Change this setting:

```
KbdInteractiveAuthentication no
```

That should be it. The config file should have these settings, including the commented lines shown as below:

```
#PermitRootLogin no
#PubkeyAuthentication yes
#PasswordAuthentication no
KbdInteractiveAuthentication no
#UsePAM yes
```

Test the setting

```sh
sshd -t
```

Reload:

```sh
service sshd reload
```

# PF

Note, if you're using Bastille, the `/etc/pf.conf` file is going to look different. See [Bastille](../FreeBSD/Bastille/Bastille.md).

Now we need to get the filewall going.

```sh
nvim /etc/pf.conf
```

Contents:

```
block in all

ext_if="em0"
pass in on $ext_if proto tcp to ($ext_if) port 22
pass in on $ext_if proto tcp to ($ext_if) port 80
pass in on $ext_if proto tcp to ($ext_if) port 443

tailscale_if="tailscale0"
pass in on $tailscale_if proto tcp to any port 22

pass out all keep state
```

```sh
sysrc pf_enable=yes
service pf start
```

If you get the error 'no host key files found` then

```sh
ssh-keygen -A
```