This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
admin_access [2021/06/23 03:07] โ [Admin Access]-condense hogwild | admin_access [2023/06/23 19:59] โ -delete inappropriately-named page. Content moved to "admin-access" hogwild | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Admin Access ====== | ||
- | |||
- | The Admin Access menu has settings for who is allowed to administer the router and access the network, how those users can connect, and more. The menu is divided into sections. The sections include Web Admin, SSH Daemon, Telnet Daemon, Admin Restrictions and Username/ | ||
- | |||
- | |||
- | ===== Web Admin ===== | ||
- | |||
- | The Web Admin section has settings to control who can access FreshTomato' | ||
- | |||
- | ==== Local Access ==== | ||
- | |||
- | This menu contains choices to control which web protocol(s) are allowed for communication to the web interface via the LAN. | ||
- | |||
- | * Disabled: Choosing this disables all access to FreshTomato' | ||
- | * HTTP Port: Choosing this allows LAN client access to FreshTomato via the HTTP web protocol. | ||
- | * HTTPS: Choosing this allows LAN client access to FreshTomato via the HTTPS \\ (SSL-encrypted web) protocol. | ||
- | * HTTP and HTTPS: Choosing this allows LAN client access via both HTTP and HTTPS protocols. | ||
- | |||
- | **HTTP Port:** In this field, enter the port number on which you want HTTP administration traffic to flow. (Default: 80). | ||
- | |||
- | [[https:// | ||
- | |||
- | **HTTPS port:** Here, enter the https port number you wish to use. (This option appears only if HTTPS is among the chosen options). | ||
- | |||
- | |||
- | ==== SSL Certificate ==== | ||
- | |||
- | **Common Name (CN): Here, enter the plain English name of the certificate to generate. | ||
- | |||
- | **Regenerate: | ||
- | |||
- | **Save in NVRAM:** TBD. | ||
- | |||
- | **Remote Access: | ||
- | |||
- | * Disabled: This prevents all access to FreshTomato' | ||
- | * HTTP: This allows web access to FreshTomato' | ||
- | * HTTPS: This allows web access to FreshTomato' | ||
- | |||
- | **Allow Wireless Access: | ||
- | |||
- | **Directory with GUI files: | ||
- | |||
- | **Color Scheme: | ||
- | |||
- | **Open Menus: | ||
- | |||
- | |||
- | ===== SSH Daemon ===== | ||
- | |||
- | **S**ecure **SH**ell is a tunneling protocol which allows you to make secure local and remote connections to the FreshTomato router. With the help of the Dropbear service, it also allows you to make SSH connections //though //the router, to LAN client devices. Seetings in this section let you enable or disable the SSH Daemon, and the Dropbear daemon, and configure their settings. | ||
- | |||
- | **Enable at Startup:** Checking this starts the SSH Daemon when the router boots. (Default: Enabled). | ||
- | |||
- | **Extended MOTD:** Checking this enables the Message of the Day function. This function displays a custom message when you first log in via Telnet. The message can be can be important information or updates about the system or just a personal greeting from the system admin. | ||
- | |||
- | [[https:// | ||
- | |||
- | **Remote Access:** Checking this allows SSH connections from remote (WAN/ | ||
- | |||
- | **Remote Forwarding: **Checking this box enables the Dropbear service, the server/ | ||
- | \\ | ||
- | For example, say you want to be able to access a Windows PC on your LAN via Remote Desktop, but you don't want the security risk of opening up a port for RDP to the Internet directly, via standard Port Forwarding. Instead, you can make an SSH connection into the router with an SSH port tunnel/ | ||
- | |||
- | **Port: **Here, you can enter the port number on which you want SSH traffic to flow. (Default: 22). Changing the port number from the default is highly recommended, | ||
- | |||
- | **Allow Password Login: **Checking this allows clients to login via SSH with only FreshTomato' | ||
- | |||
- | **Authorized Keys:** Here you can enter one or more encryption keys which authorize an SSH client to access to the LAN. | ||
- | |||
- | |||
- | ===== Telnet Daemon ===== | ||
- | |||
- | (Terminal EmuLation over the NEtwork) is a protocol which allows LAN and remote connections via a command-line interface. Telnet is not a secure protocol. | ||
- | |||
- | **Enable at Startup:** Checking this enables the Telnet Daemon, allowing connections to FreshTomato via Telnet. | ||
- | |||
- | **Port:** Here, you can enter the port number on which Telnet connections will be made to the router. | ||
- | |||
- | **Stop Now / Start Now. **Clicking this button immediately stops the Telnet Daemon. Note that after the Telnet daemon is stopped via this method, it will be restarted during FreshTomato' | ||
- | Clicking Start Now immediately starts the Telnet Daemon. When Telnet is finished starting, the text on this button will change back to Stop Now. | ||
- | |||
- | {{: | ||
- | |||
- | |||
- | ===== Admin Restrictions ===== | ||
- | |||
- | **Allowed Remote IP Address:** Here, you can specify the IP addresses or DNS names of hosts you want to allow to connect to the Tomato router' | ||
- | |||
- | **Limit Connection Attempts: **Here, you can specify whether you want SSH or Telnet connection attempts to be limited to a certain number of attempts (n) at a certain frequency (f). (Default: 3 connection attempts allowed every 60 seconds). | ||
- | |||
- | Checking SSH limits the number of SSH connection attempts to number n at frequency f (in seconds). Checking Telnet limits the number of Telnet connection attempts to number n at frequency s (in seconds). | ||
- | |||
- | [[https:// | ||
- | |||
- | |||
- | ===== Username/ | ||
- | |||
- | The Username/ | ||
- | |||
- | **Username: | ||
- | |||
- | **Password: | ||
- | |||
- | **Re-enter to confirm:** In this field, you enter the password again to confirm this is the password you want. The password will only be changed when the text entere in this field and the text entered in the Password field match exactly. | ||
- | |||
- | {{: | ||
- | |||