Setup
First time:
su -
Do a system update:
freebsd-update fetch install
Update
pkg update
Install my favorite packages
pkg install -y bash sudo tmux htop neovim git ncdu bastille tailscale aria2
Add "wheel" to the sudoers file:
visudo
Change shell
chsh -s /usr/local/bin/bash
Tailscale
service tailscaled enable
service tailscaled start
tailscale up
SSH
nvim /etc/ssh/sshd_config
Change this setting:
KbdInteractiveAuthentication no
That should be it. The config file should have these settings, including the commented lines shown below:
#PermitRootLogin no
#PubkeyAuthentication yes
#PasswordAuthentication no
KbdInteractiveAuthentication no
#UsePAM yes
Test the setting
sshd -t
Reload:
service sshd reload
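`sshd -t` only checks that the file parses and the host keys are sane; the values actually in effect, including the defaults behind the commented lines, are printed by `sshd -T`. The script below is an added example, not part of the original page, that checks such a dump against the five settings listed above; the function names and sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example: check effective sshd settings, as printed by `sshd -T`,
# against the values listed on this page. Reads the dump on stdin.
# On the host (as root): sshd -T | check_sshd_effective

check_sshd_effective() {
    awk '
        BEGIN {
            want["permitrootlogin"] = "no"
            want["pubkeyauthentication"] = "yes"
            want["passwordauthentication"] = "no"
            want["kbdinteractiveauthentication"] = "no"
            want["usepam"] = "yes"
        }
        { key = tolower($1) }
        # Record the first value seen for each keyword we care about.
        (key in want) && !(key in seen) { seen[key] = tolower($2) }
        END {
            bad = 0
            for (k in want) {
                if (!(k in seen)) {
                    printf "MISSING %s\n", k; bad = 1
                } else if (seen[k] != want[k]) {
                    printf "FAIL %s=%s (want %s)\n", k, seen[k], want[k]; bad = 1
                }
            }
            exit bad   # non-zero if anything is missing or differs
        }
    '
}

# Constructed sample: dump after the change described above.
sample_hardened() {
    printf '%s\n' 'port 22' 'permitrootlogin no' 'pubkeyauthentication yes' \
        'passwordauthentication no' 'kbdinteractiveauthentication no' 'usepam yes'
}

# Constructed sample: keyboard-interactive still enabled.
sample_kbd_enabled() {
    printf '%s\n' 'port 22' 'permitrootlogin no' 'pubkeyauthentication yes' \
        'passwordauthentication no' 'kbdinteractiveauthentication yes' 'usepam yes'
}

sample_hardened | check_sshd_effective && echo "hardened sample: OK"
sample_kbd_enabled | check_sshd_effective || echo "kbd sample: rejected"
```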
PF
Note, if you're using Bastille, the /etc/pf.conf file is going to look different. See Bastille.
Now we need to get the firewall going.
nvim /etc/pf.conf
Contents:
block in all
ext_if="em0"
pass in on $ext_if proto tcp to ($ext_if) port 22
pass in on $ext_if proto tcp to ($ext_if) port 80
pass in on $ext_if proto tcp to ($ext_if) port 443
tailscale_if="tailscale0"
pass in on $tailscale_if proto tcp to any port 22
pass out all keep state
Enable and start PF:
sysrc pf_enable=yes
service pf start
If you get the error 'no host key files found', then run:
ssh-keygen -A