# Setup

First time, become root:

```sh
su -
```

Do a system update:

```sh
freebsd-update fetch install
```

Update the package catalog:

```sh
pkg update
```

Install my favorite packages:

```sh
pkg install -y bash sudo tmux htop neovim git ncdu bastille tailscale aria2
```

Add the `wheel` group to the sudoers file:

```sh
visudo
```

Change the shell:

```sh
chsh -s /usr/local/bin/bash
```

Set up Tailscale:

```sh
service tailscaled enable
service tailscaled start
tailscale up
```

# SSH

```sh
nvim /etc/ssh/sshd_config
```

Change this setting:

```
KbdInteractiveAuthentication no
```

That should be it. The config file should have these settings, including the commented lines, as shown below:

```
#PermitRootLogin no
#PubkeyAuthentication yes
#PasswordAuthentication no
KbdInteractiveAuthentication no
#UsePAM yes
```

Test the setting:

```sh
sshd -t
```

Reload:

```sh
service sshd reload
```
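
The commented lines in the listing above are not set explicitly, so sshd uses its built-in defaults for them, and `sshd -t` only checks syntax. The added example below (not part of the original notes) compares the effective values printed by `sshd -T` with that listing; the function name `check_sshd_effective` and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare sshd's effective settings with the listing above.
# Reads `sshd -T` output ("keyword value" lines, keywords in lowercase) on stdin.
# Exit status 0 = all expected values present and matching, 1 = drift found.
check_sshd_effective() {
    awk '
        BEGIN {
            # Expected values, taken from the sshd_config listing on this page.
            want["permitrootlogin"] = "no"
            want["pubkeyauthentication"] = "yes"
            want["passwordauthentication"] = "no"
            want["kbdinteractiveauthentication"] = "no"
            want["usepam"] = "yes"
        }
        ($1 in want) { got[$1] = $2 }
        END {
            bad = 0
            for (k in want) {
                if (!(k in got)) {
                    printf "MISSING %s (expected %s)\n", k, want[k]
                    bad = 1
                } else if (got[k] != want[k]) {
                    printf "MISMATCH %s: effective=%s expected=%s\n", k, got[k], want[k]
                    bad = 1
                }
            }
            exit bad
        }'
}

# Constructed sample: effective settings that match the listing.
sample_hardened() {
    printf '%s\n' 'port 22' 'permitrootlogin no' 'pubkeyauthentication yes' \
        'passwordauthentication no' 'kbdinteractiveauthentication no' 'usepam yes'
}

# Constructed sample: keyboard-interactive (PAM password prompts) still enabled.
sample_drifted() {
    printf '%s\n' 'port 22' 'permitrootlogin no' 'pubkeyauthentication yes' \
        'passwordauthentication no' 'kbdinteractiveauthentication yes' 'usepam yes'
}

# Demo on the constructed samples; on a real host use: sshd -T | check_sshd_effective
sample_hardened | check_sshd_effective && echo "hardened sample: OK"
sample_drifted | check_sshd_effective || echo "drifted sample: needs attention"
```

On the server, run `sshd -T | check_sshd_effective` as root after editing the file; a non-zero exit status means an effective value differs from the listing.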

# PF

Note: if you're using Bastille, the `/etc/pf.conf` file is going to look different. See [Bastille](../FreeBSD/Bastille/Bastille.md).

Now we need to get the firewall going.

```sh
nvim /etc/pf.conf
```
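
Contents:

```
# External interface; change em0 to match your NIC
ext_if="em0"
# Default deny for inbound traffic
block in all
# Allow inbound SSH, HTTP and HTTPS to this host's address on the external interface
pass in on $ext_if proto tcp to ($ext_if) port ssh
pass in on $ext_if proto tcp to ($ext_if) port 80
pass in on $ext_if proto tcp to ($ext_if) port 443
# Allow all outbound traffic and keep state so replies are let back in
pass out all keep state
```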

Enable PF at boot and start it:

```sh
sysrc pf_enable=yes
service pf start
```

If you get the error `no host key files found`, generate the host keys:

```sh
ssh-keygen -A
```