The SSH key is the recommended way to access your SSH server located behind the pfsense firewall. For security reasons, username and password are not the correct way to access an SSH Server.

This post provides all the necessary steps to use the SSH key to access a pfsense firewall.

First thing, your pfsense must have SSH enabled, if you haven’t already, see the post Enable ssh on pfsense firewall.

How to disable password login ssh in pfsense

Go to System and select Advanced.

Scroll down to find the Secure Shell section.

In “Authentication Method“, check “Disable password login for secure shell (RSA / DSA key only)

Click on Save.

Copy the public key you want to add to pfsense.

Adding RSA key in pfsense

Access the System and click on “User Manager“.

If the user does not yet exist, click Add to create the user and add the public key at the same time.

To add a public key for an existing user, click the edit sign next to the username.

Scroll down to find the Keys section. In “Authorized SSH keys“, paste the current user’s public SSH key.

When you’re done, click Save.

Now when you try to connect to your pfsense via SSH, the system will not ask for username and password, but the SSH server will check if user XXX’s server public matches the private key for the same XXX user.

How to configure pfSense to use an RSA key