FreshTomato Wiki

User Tools

Site Tools

Trace:
admin-access

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
admin-access [2023/06/23 19:35] – [Web Admin] -formatting hogwildadmin-access [2023/06/23 20:44] (current) – [SSL Certificate] -condense hogwild
Line 7: Line 7:
 The Web Admin section has settings to control who can access FreshTomato's web interface, how, and from where. It also allows you to choose which menus stay nested or shown. Finally, it also has settings for the web interface's color scheme. The Web Admin section has settings to control who can access FreshTomato's web interface, how, and from where. It also allows you to choose which menus stay nested or shown. Finally, it also has settings for the web interface's color scheme.
  \\   \\ 
 +
 **Local Access:  **This let you choose which web protocol(s) are allowed to communicate with the web interface via the LAN. \\ Port and Wireless access options will appear, depending on which selection you choose. **Local Access:  **This let you choose which web protocol(s) are allowed to communicate with the web interface via the LAN. \\ Port and Wireless access options will appear, depending on which selection you choose.
  
Line 59: Line 60:
 **Theme UI:**  This lets you choose the color scheme (theme) used for the web interface pages. (Default: Default). **Theme UI:**  This lets you choose the color scheme (theme) used for the web interface pages. (Default: Default).
  
-**Open Menus:**  Checking a menu name here will show all its submenus as open. Any unchecked menu will display its submenus as nested.+**Open Menus:**  Checking a menu name here will show all its submenus as open. Unchecked menus will display their submenus as nested. 
  
 ===== SSH Daemon ===== ===== SSH Daemon =====
Line 65: Line 67:
 Secure SHell is a tunneling protocol that allows you to make secure local and remote connections to the FreshTomato router. With the help of the Dropbear service, it also allows you to make SSH connections //though //the router, to LAN client devices. Setings in this section let you enable or disable the SSH Daemon and the Dropbear daemon, and configure their operation. Secure SHell is a tunneling protocol that allows you to make secure local and remote connections to the FreshTomato router. With the help of the Dropbear service, it also allows you to make SSH connections //though //the router, to LAN client devices. Setings in this section let you enable or disable the SSH Daemon and the Dropbear daemon, and configure their operation.
  
-**Enable at Startup:** Checking this starts the SSH Daemon when the router boots. (Default: Enabled).+**Enable at Startup:**  Checking this starts the SSH Daemon when the router boots. (Default: Enabled).
  
-**Extended MOTD:** Checking this enables the Message of the Day function. This function displays a custom message when you first log in via Telnet. The message can be can be important information or updates about the system or just a personal greeting from the system administrator.+**Extended MOTD:**  Checking this enables the Message of the Day function. This function displays a custom message when you first log in via Telnet. The message can be can be important information or updates about the system or just a personal greeting from the system administrator.
  
  \\  \\
Line 77: Line 79:
 **Remote Access:**  Checking this allows SSH connections from remote WAN/Internet clients. (Default: Disabled). **Remote Access:**  Checking this allows SSH connections from remote WAN/Internet clients. (Default: Disabled).
  
-**Remote Forwarding: **Checking this enables the Dropbear service. This service/daemon provides SSH services on the router and supports SSH port tunneling/forwarding. Do not confuse this with standard (local) Port Forwarding.+**Remote Forwarding:  **Checking this enables the Dropbear service. This service/daemon provides SSH services on the router and supports SSH port tunneling/forwarding. Do not confuse this with standard (local) Port Forwarding.
  
 For example, let's say you want to be able to access a Windows PC on your LAN via Remote Desktop, but you don't want the security risk of opening up a port for RDP to the Internet via standard Port Forwarding. Instead, you can make an SSH connection into the router with an SSH port tunnel/forward configured (example: 127.0.0.1:1234 gets tunnelled/forwarded through SSH to 192.168.1.66:3389. This way, when you're connected via SSH to the router, you can open up RDP on the machine running the SSH client, and connect to 127.0.0.1:1234 and you're securely connected to 192.168.1.66 on your LAN. All traffic flows through SSH, and thus is encrypted. (RDP already uses encryption, but it's weaker than that provided by SSH). For example, let's say you want to be able to access a Windows PC on your LAN via Remote Desktop, but you don't want the security risk of opening up a port for RDP to the Internet via standard Port Forwarding. Instead, you can make an SSH connection into the router with an SSH port tunnel/forward configured (example: 127.0.0.1:1234 gets tunnelled/forwarded through SSH to 192.168.1.66:3389. This way, when you're connected via SSH to the router, you can open up RDP on the machine running the SSH client, and connect to 127.0.0.1:1234 and you're securely connected to 192.168.1.66 on your LAN. All traffic flows through SSH, and thus is encrypted. (RDP already uses encryption, but it's weaker than that provided by SSH).
  
-**Port: **Here, you can enter the port number on which you want SSH traffic to flow. (Default: 22). Changing the port from the default is highly recommended, as port 22 is being constantly scanned by Internet hackers.+**Port:  **Here, enter the port number on which SSH traffic will flow. Changing the port from the default is highly recommended. Port 22 is constantly scanned by Internet hackers. (Default: 22).
  
-**Allow Password Login: **Checking this allows clients to login via SSH with only FreshTomato'normal username and password. No authorized encryption key is needed. When disabled, SSH will require an authorized key to allow a client to log on.+**Allow Password Login:  **Checking this allows clients to login via SSH with only the normal administrative username and password. No authorized encryption key is needed. When disabled, SSH will require an authorized key to allow a client to log on.
  
-**Authorized Keys:** Here you can enter one or more encryption keys which authorize an SSH client to access to the LAN.+**Authorized Keys:**  Here enter one or more encryption keys which authorize an SSH client to access to the LAN
 + 
 +**Stop Now:** Clicking this button immediately stops the SSH daemon. SSH will start again at the next bootup. After clicking, the button will then display as "Start Now". Clicking it will immediately start the SSH daemon.
  
-**Stop Now:** Clicking this button immediately stops the SSH daemon. SSH will start again at the next bootup. 
  
 ===== Telnet Daemon ===== ===== Telnet Daemon =====
Line 110: Line 113:
  
 Checking SSH limits the number of SSH connection attempts to number n at frequency f (in seconds). Checking Telnet limits the number of Telnet connection attempts to number n at frequency s (in seconds). Checking SSH limits the number of SSH connection attempts to number n at frequency f (in seconds). Checking Telnet limits the number of Telnet connection attempts to number n at frequency s (in seconds).
 +
 + \\
  
 [[https://wiki.freshtomato.org/lib/exe/detail.php?id=admin_access&media=a7c2f09179ae06e42debf184f16c60aa.png|{{:a7c2f09179ae06e42debf184f16c60aa.png}}]] [[https://wiki.freshtomato.org/lib/exe/detail.php?id=admin_access&media=a7c2f09179ae06e42debf184f16c60aa.png|{{:a7c2f09179ae06e42debf184f16c60aa.png}}]]
 +
  
 ===== Username/Password ===== ===== Username/Password =====
  
-The Username/Password section is used to set FreshTomato's main logon Username and Password. You are strongly urged to change these from the default settings to keep the router and network secure.+You are strongly urged to change these from the default settings to keep the router and network secure.
  
 **Username:** Here, enter the FreshTomato logon Username you wish to set. Leaving this field empty sets the username as "root". (Default: "root"). **Username:** Here, enter the FreshTomato logon Username you wish to set. Leaving this field empty sets the username as "root". (Default: "root").
Line 122: Line 128:
  
 **Re-enter to confirm:** In this field, enter the password again to confirm it is correct. The password will be changed only when the text entered in this field and in the Password field match exactly. **Re-enter to confirm:** In this field, enter the password again to confirm it is correct. The password will be changed only when the text entered in this field and in the Password field match exactly.
 +
 + \\
  
 {{:39f890aeb648c15c4715402a590e36a0.png}} {{:39f890aeb648c15c4715402a590e36a0.png}}
  
 + \\
  
 + \\
  
  
admin-access.1687545305.txt.gz · Last modified: 2023/06/23 19:35 by hogwild

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki