    Netgate Discussion Forum

    Admin best practises + Yubikey

    • K
      Kais_1 last edited by

      I'm a bit of a noob to pfSense... and I wanted to know what are the best things that I should do to secure the admin account and pfSense.

      I have a YubiKey to hand and wanted to know if this can be used in any way?

      Thanks in advance

      Kais

      Gertjan 1 Reply Last reply Reply Quote 0
      • Gertjan
        Gertjan @Kais_1 last edited by

        @Kais_1 said in Admin best practises + Yubikey:

        secure the admin account and pfSense.

        Combine these two methods: choose a good password and use LAN only for trusted devices - all other local users should be on an OPTx network that doesn't even allow GUI access (let the firewall protect itself).

        1 Reply Last reply Reply Quote 0
        • K
          Kais_1 last edited by

          Thanks for the info.

          Any ideas how to implement the YubiKey?

          Gertjan 1 Reply Last reply Reply Quote 0
          • Gertjan
            Gertjan @Kais_1 last edited by

            @Kais_1 said in Admin best practises + Yubikey:

            Any ideas how to implement the YubiKey?

            Nope. This YubiKey isn't known to pfSense. Check the manual ^^

            But: this guy has all the known answers and possibilities, as usual.

            1 Reply Last reply Reply Quote 0
            • stephenw10
              stephenw10 Netgate Administrator last edited by

              You might check out the user management hangout: https://youtu.be/5rj5ER_2xJE

              I'm not aware of any specific way to use a YubiKey directly, but you might be able to do something via an external RADIUS server.

              Steve

              1 Reply Last reply Reply Quote 0
              • nzkiwi68
                nzkiwi68 last edited by

                YubiKey definitely supports anything via an external RADIUS server; you could use that for 100% certain.

                For your YubiKeys, run an external RADIUS server:
                FreeRADIUS on any Unix (external to pfSense) and get the PAM (Pluggable Authentication Module)
                https://developers.yubico.com/yubico-pam/YubiKey_and_FreeRADIUS_1FA_via_PAM.html
                I've had good success with GreenRADIUS - paid software
                https://www.greenrocketsecurity.com/greenradius/

                On pfSense, set up an external RADIUS server pointing to your external RADIUS server:
                System / User Manager / Authentication Servers / Edit
                Make a new authentication server using the RADIUS server

                Job done!

                1 Reply Last reply Reply Quote 2
                • stephenw10
                  stephenw10 Netgate Administrator last edited by

                  Ooo nice. 😀

                  1 Reply Last reply Reply Quote 0
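
Added example (not from any post in this thread, and not Netgate or Yubico code): a standard-library Python check that the external RADIUS server in nzkiwi68's setup accepts a YubiKey OTP before pfSense is pointed at it. It assumes PAP, which a PAM-backed server needs in order to see the OTP itself; the server address, shared secret, user name and NAS-Identifier are placeholders you supply.

```python
import hashlib, hmac, os, socket, struct
ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2

def pap_encode(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 User-Password hiding: XOR with a chained MD5(secret + previous block)."""
    if not 1 <= len(password) <= 128:
        raise ValueError("password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], pad))
        out += prev
    return out

def pap_decode(blob: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """What the server (or anyone holding the secret and a capture) does to recover it."""
    out, prev = b"", req_auth
    for i in range(0, len(blob), 16):
        pad = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(blob[i:i + 16], pad))
        prev = blob[i:i + 16]
    return out.rstrip(b"\x00")

def _attr(code: int, value: bytes) -> bytes:
    return struct.pack("!BB", code, len(value) + 2) + value

def build_request(user: str, otp: str, secret: bytes, ident: int = 1, req_auth: bytes = None):
    req_auth = req_auth or os.urandom(16)
    attrs = (_attr(1, user.encode()) + _attr(2, pap_encode(otp.encode(), secret, req_auth))
             + _attr(32, b"pfsense-test")       # NAS-Identifier, constructed value
             + _attr(80, bytes(16)))            # Message-Authenticator placeholder (RFC 3579)
    pkt = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs
    return pkt[:-16] + hmac.new(secret, pkt, "md5").digest(), req_auth

def reply_code(reply: bytes, req_auth: bytes, secret: bytes, ident: int = 1) -> int:
    """Return the reply code only if the Response Authenticator proves knowledge of the secret."""
    code, rid, length = struct.unpack("!BBH", reply[:4])
    want = hashlib.md5(reply[:4] + req_auth + reply[20:length] + secret).digest()
    if rid != ident or length != len(reply) or not hmac.compare_digest(want, reply[4:20]):
        raise ValueError("reply failed verification (wrong shared secret or forged packet)")
    return code

def radius_accepts(server: str, secret: bytes, user: str, otp: str, port: int = 1812) -> bool:
    pkt, req_auth = build_request(user, otp, secret)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(5)
        s.sendto(pkt, (server, port))
        return reply_code(s.recvfrom(4096)[0], req_auth, secret) == ACCESS_ACCEPT
```

The OTP is hidden only by MD5 keyed with the shared secret, so use a long random secret and keep the pfSense-to-RADIUS path on a trusted network.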
