SCP File Transfers

To connect to the pfSense firewall with SCP for file transfers, use the root account with the same
credentials as admin, or a user account with sufficient privileges.
Users with shell access may transfer files, as well as users with the User - System - Copy
files privilege. Note that users other than root can only transfer or write files for which their
account has permission to read or modify.
Any SCP/SFTP-compatible program may be used to transfer files. Popular choices
include scp, FileZilla, and WinSCP.

Enable SSH via WebGUI

 Navigate to System > Advanced in the WebGUI. This will show the Admin Access tab.
 Check Enable Secure Shell

 To allow only SSH key authentication, check Disable password login for Secure Shell
(RSA/DSA key only)
 Enter a port number in SSH Port if the SSH daemon should listen on a non-default port.
Leave the field blank for the daemon to use port 22.
 Click Save

Enable SSH via Console

Connect to the console (VGA or Serial) and use option 14 to enable or disable SSH.
To change the port number or key authentication options, use the GUI as directed above.

User Access
By default only admin and root have SSH access. Additional users with limited access may be
granted the User - System - Shell account access privilege to login via SSH.
Note that additional users do not have full root privileges in the shell, so the menu is not
displayed. Many commands and other files are inaccessible as well. For a normal user to get
much use from the shell, the Sudo Package can be used to delegate additional privileges to run
commands as root or other users.
SSH Keys
SSH keys for authentication may be added to individual user accounts under System > User
Manager. The admin user and root user share keys.
Do not attempt to manage keys from the shell directly.