FreshTomato Wiki

User Tools

Site Tools

Trace: forward-triggered basic-static faq entware_installation_usage toggle_radio basic-network admin_access howtos wireless_ethernet_bridge advanced-mac
admin_access

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
admin_access [2025/11/15 19:55] – [SSH Daemon] hogwildadmin_access [2025/11/15 20:04] (current) – [Admin Restrictions] hogwild
Line 57: Line 57:
 **Allow Wireless Access:** allows WiFi and Ethernet clients to access the web interface. (Default: Disabled). \\  **Allow Wireless Access:** allows WiFi and Ethernet clients to access the web interface. (Default: Disabled). \\ 
  \\   \\ 
-**Directory with GUI files:** lets you select the directory of files that provide the graphical web interface. \\ //CAUTION//: Do not change this setting unless you're experienced. An error could prevent you from accessing the web interface. \\ +**Directory with GUI files:** here, select the directory of files that provide the web interface. \\ //CAUTION//: Do not change this setting unless you're experienced. An error could prevent you from accessing the web interface. \\ 
  \\   \\ 
-**Theme UI:**  lets you choose the color scheme (theme) used for the web interface pages.+**Theme UI:**  lets you select the color scheme (theme) used for the web interface pages.
  
 (Default: Default). \\  (Default: Default). \\ 
Line 68: Line 68:
 ===== SSH Daemon ===== ===== SSH Daemon =====
  
-Secure SHell is a tunneling protocol that allows you to make secure local and remote connections to the FreshTomato router. With the help of the Dropbear service, it also allows you to make SSH connections //though //the router, to LAN clients. Setings here enable or disable the SSH and the Dropbear daemon, and configure their operation.+Secure SHell is a tunneling protocol that allows you to make secure local and remote connections to the FreshTomato router. With the help of the Dropbear service, it also allows you to make SSH connections //though //the router, to LAN clients. Setings here enable or disable the SSH and the Dropbear daemon, and configure their operation. \\ 
  \\   \\ 
 **Enable at Startup:** Checking this starts the SSH Daemon when the router boots. (Default: Enabled). \\  **Enable at Startup:** Checking this starts the SSH Daemon when the router boots. (Default: Enabled). \\ 
Line 86: Line 86:
 //For example//: //For example//:
  
-Say you want to access a Windows PC on your LAN via Remote Desktop, but you don't want the security risk of opening up a port for RDP to the Internet via Port Forwarding. Instead, you can make an SSH connection into the router with an SSH port tunnel/forward configured (example: 127.0.0.1:1234 gets tunnelled/forwarded through SSH to 192.168.1.66:3389). This way, when you're connected via SSH to the router, you can open up RDP on the machine running the SSH client, and connect to 127.0.0.1:1234 and you're securely connected to 192.168.1.66 on your LAN. All traffic flows through SSH, and thus is encrypted. (RDP already uses encryption, but it's weaker than that provided by SSH). +Say you want to access a Windows PC on your LAN via Remote Desktop, but you don't want the security risk of opening up a port for RDP to the Internet via Port Forwarding. Instead, you can make an SSH connection into the router with an SSH port tunnel/forward configured (example: 127.0.0.1:1234 gets tunnelled/forwarded through SSH to 192.168.1.66:3389). This way, when you're connected via SSH to the router, you can open up RDP on the machine running the SSH client, and connect to 127.0.0.1:1234 and you're securely connected to 192.168.1.66 on your LAN. All traffic flows through SSH, and thus is encrypted. (RDP already uses encryption, but it's weaker than that provided by SSH). \\  
- + \\  
-**Port: **the port on which SSH traffic will flow. It's best to change this from the default, as port 22 is being constantly scanned by hackers. (Default: 22). +**Port: **the port on which SSH traffic will flow. It's best to change this from the default, as port 22 is being constantly scanned by hackers. (Default: 22). \\  
- + \\  
-**Allow Password Login: **lets clients login via SSH with only the administrative username and password. No encryption key is needed. When disabled, SSH will require an authorized key to allow log on. +**Allow Password Login: **lets clients login via SSH with only the administrative username and password. No encryption key is needed. When disabled, SSH will require an authorized key to allow log on. \\  
- + \\  
-**Authorized Keys:** here, enter one or more encryption keys to authorize an SSH client to access to the LAN. +**Authorized Keys:** here, enter one or more encryption keys to authorize an SSH client to access to the LAN. \\  
- + \\  
-**Stop Now:** immediately stops the SSH daemon. SSH will start again at next boot. After clicking Stop Now, the button displays as "Start Now". Clicking this immediately starts the SSH daemon. \\   \\ +**Stop Now:** immediately stops the SSH daemon. SSH will start again at next boot. After clicking Stop Now, the button displays as "Start Now". Clicking this immediately starts the SSH daemon. \\  
 + \\ 
  
 ===== Telnet Daemon ===== ===== Telnet Daemon =====
  
-The Telnet protocol allows LAN and remote connections via a command-line interface. Unlike SSH, Telnet is not a secure protocol. +The Telnet protocol allows LAN and remote connections via a command-line interface. Unlike SSH, Telnet is not a secure protocol. \\  
- + \\  
-**Enable at Startup:**  enables the Telnet Daemon, allowing connections to FreshTomato via Telnet. +**Enable at Startup:**  enables the Telnet Daemon, allowing connections to FreshTomato via Telnet. \\  
- + \\  
-**Port:** the port on which Telnet connections will be made to the router. (Default: 23). +**Port:** the port on which Telnet connections will be made to the router. (Default: 23). \\  
- + \\  
-**Stop Now / Start Now:  **immediately stops the Telnet Daemon. It will restart at next boot (if //Enable at Startup// is checked). +**Stop Now / Start Now:  **immediately stops the Telnet Daemon. It will restart at next boot (if //Enable at Startup// is checked). \\  
- + \\  
-When the Daemon has stopped, this button will display as "Start Now". Clicking Start Now immediately starts the Daemon. When Telnet is finished starting, the text on this button will change back to "Stop Now"+When the Daemon has stopped, this button will display as "Start Now". Clicking Start Now immediately starts the Daemon. When Telnet is finished starting, the text on this button will change back to "Stop Now"\\  
 + \\  
 + \\  
 +{{:8df69e6c26ffe04b52fd742f27ad1a3a.png}} \\ 
  \\  \\
- 
-{{:8df69e6c26ffe04b52fd742f27ad1a3a.png}} \\   \\ 
  
  
 ===== Admin Restrictions ===== ===== Admin Restrictions =====
  
-**Allowed Remote IP Address:**  the IP addresses/DNS names of hosts you want to allow to connect to the router's web interface. Addresses can be individual, comma-separated or a range separated by a dash (1.1.1.1-2.2.2.2). This applies to local and remote administration via HTTP(S), SSH and Telnet. +**Allowed Remote IP Address:**  the IP addresses/DNS names of hosts you want to allow to connect to the router's web interface. Addresses can be individual, comma-separated or a range separated by a dash (1.1.1.1-2.2.2.2). This applies to local and remote administration via HTTP(S), SSH and Telnet. \\  
- + \\  
-**Limit Connection Attempts:**  lets you specify whether SSH or Telnet connection attempts will be limited to a certain number of attempts (n) at a certain frequency (f). (Default: 3 attempts every 60 seconds). +**Limit Connection Attempts:**  lets you specify whether SSH or Telnet connection attempts will be limited to a certain number of attempts (n) at a certain frequency (f). \\ (Default: 3 attempts every 60 seconds). \\  
- + \\  
-Checking SSH limits the number of SSH connection attempts to number "n" at frequency "f". Checking Telnet similarly limits the number of Telnet connection attempts. +Checking SSH limits the number of SSH connection attempts to number "n" at frequency "f". Checking Telnet similarly limits the number of Telnet connection attempts. \\  
- + \\  
- \\ + \\ 
 [[https://wiki.freshtomato.org/lib/exe/detail.php?id=admin_access&media=a7c2f09179ae06e42debf184f16c60aa.png|{{:a7c2f09179ae06e42debf184f16c60aa.png}}]] [[https://wiki.freshtomato.org/lib/exe/detail.php?id=admin_access&media=a7c2f09179ae06e42debf184f16c60aa.png|{{:a7c2f09179ae06e42debf184f16c60aa.png}}]]
  
Line 129: Line 128:
 ===== Username/Password ===== ===== Username/Password =====
  
-Here, you can set FreshTomato'main logon Username and Password. You are strongly urged to change these from the default to keep the network secure. +Here, you can set the main logon Username and Password. You are strongly urged to change these from the default to keep the network secure. \\ 
- + \\  
- \\ +**Username:**  the logon Username to set. Leaving this empty sets the username as the default: "root"\\  
- + \\  
-**Username:**  the FreshTomato logon Username to set. Leaving this field empty sets the username as the default: "root"+**Password:**  the logon password to set. (Default: "admin"). \\  
- + \\  
-**Password:**  the FreshTomato logon password to set. (Default: "admin"). +**Re-enter to confirm:**  here, enter the password again to confirm it. It will be changed only when the text here and in the Password field match. \\  
- + \\  
-**Re-enter to confirm:**  here, enter the password again to confirm it. It will be changed only when the text here and in the Password field match. + \\ 
- +
- \\ +
 {{:39f890aeb648c15c4715402a590e36a0.png}} {{:39f890aeb648c15c4715402a590e36a0.png}}
- + \\  
- \\ + \\  
- + \\  
- \\ +
- +
- \\ +
- +
admin_access.1763236539.txt.gz · Last modified: by hogwild

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki