This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
admin_access [2023/06/23 17:01] – [SSL Certificate] -add unmount JFFS, Allow Remote Upgrade and Remote Access options hogwild | admin_access [2023/06/23 21:27] – [Web Admin] -condense hogwild | ||
---|---|---|---|
Line 8: | Line 8: | ||
The Web Admin section has settings to control who can access FreshTomato' | The Web Admin section has settings to control who can access FreshTomato' | ||
- | **Local Access: | + | **Local Access: |
- | * Disabled - Choosing this disables all access to FreshTomato' | + | * Disabled - Choosing this disables all LAN access to FreshTomato' |
- | * HTTP - Choosing this allows LAN client access | + | * HTTP - Choosing this allows LAN Ethernet clients |
* HTTP Port - Here, enter the port number on which you want HTTP administration traffic to flow. (Default: 80). | * HTTP Port - Here, enter the port number on which you want HTTP administration traffic to flow. (Default: 80). | ||
- | * Allow Wireless Access - Checking this let WiFi clients access the web interface. (Default: enabled). | + | * Allow Wireless Access - Checking this lets LAN WiFi clients access the web interface. (Default: enabled). |
- | * HTTPS - Choosing this allows LAN client access | + | * HTTPS - Choosing this allows LAN Ethernet clients |
* HTTPS port: Here, enter the HTTPS port number to use. (appears only if HTTPS is among the chosen options). | * HTTPS port: Here, enter the HTTPS port number to use. (appears only if HTTPS is among the chosen options). | ||
- | * Allow Wireless Access - Checking this let WiFi clients access the web interface. (Default: enabled). | + | * Allow Wireless Access - Checking this lets LAN WiFi clients access the web interface |
- | * HTTP and HTTPS - Choosing this allows LAN client | + | * HTTP and HTTPS - Choosing this allows LAN Ethernet clients to access |
* HTTP Port - Here, enter the port number on which you want HTTP administration traffic to flow. (Default: 80). | * HTTP Port - Here, enter the port number on which you want HTTP administration traffic to flow. (Default: 80). | ||
* HTTPS port: Here, enter the HTTPS port number to use. (appears only if HTTPS is among the chosen options). | * HTTPS port: Here, enter the HTTPS port number to use. (appears only if HTTPS is among the chosen options). | ||
- | * Allow Wireless Access - Checking this let WiFi clients access the web interface. (Default: enabled). | + | * Allow Wireless Access - Checking this lets LAN WiFi clients access the web interface. (Default: enabled). |
\\ | \\ | ||
Line 45: | Line 45: | ||
\\ **Unmount JFFS during upgrade:** Checking this unmounts any existing JFFS partition during firmware upgrades. :-(! | \\ **Unmount JFFS during upgrade:** Checking this unmounts any existing JFFS partition during firmware upgrades. :-(! | ||
- | **Allow Remote Upgrade:** Enabling this allows | + | **Allow Remote Upgrade:** Enabling this allows |
**Remote Access:** This menu lets you specify which, if any protocols will be allowed when remotely accessing the web interface. | **Remote Access:** This menu lets you specify which, if any protocols will be allowed when remotely accessing the web interface. | ||
Line 61: | Line 61: | ||
**Theme UI:** This lets you choose the color scheme (theme) used for the web interface pages. (Default: Default). | **Theme UI:** This lets you choose the color scheme (theme) used for the web interface pages. (Default: Default). | ||
- | **Open Menus: | + | **Open Menus: |
===== SSH Daemon ===== | ===== SSH Daemon ===== | ||
- | **S**ecure **SH**ell | + | Secure SHell is a tunneling protocol |
**Enable at Startup:** Checking this starts the SSH Daemon when the router boots. (Default: Enabled). | **Enable at Startup:** Checking this starts the SSH Daemon when the router boots. (Default: Enabled). | ||
**Extended MOTD:** Checking this enables the Message of the Day function. This function displays a custom message when you first log in via Telnet. The message can be can be important information or updates about the system or just a personal greeting from the system administrator. | **Extended MOTD:** Checking this enables the Message of the Day function. This function displays a custom message when you first log in via Telnet. The message can be can be important information or updates about the system or just a personal greeting from the system administrator. | ||
+ | |||
+ | \\ | ||
[[https:// | [[https:// | ||
+ | \\ | ||
+ | **Remote Access: | ||
+ | **Remote Forwarding: **Checking this enables the Dropbear service. This service/ | ||
+ | For example, let's say you want to be able to access a Windows PC on your LAN via Remote Desktop, but you don't want the security risk of opening up a port for RDP to the Internet via standard Port Forwarding. Instead, you can make an SSH connection into the router with an SSH port tunnel/ | ||
- | ==== Remote Access ==== | + | **Port: **Here, you can enter the port number on which you want SSH traffic to flow. (Default: 22). Changing the port from the default is highly recommended, |
- | + | ||
- | Checking this allows SSH connections from remote (WAN/ | + | |
- | + | ||
- | **Remote Forwarding: **Checking this enables the Dropbear service. This server/ | + | |
- | + | ||
- | As an example, say you want to be able to access a Windows PC on your LAN via Remote Desktop, but you don't want the security risk of opening up a port for RDP to the Internet directly, via standard Port Forwarding. Instead, you can make an SSH connection into the router with an SSH port tunnel/ | + | |
- | + | ||
- | **Port: **Here, you can enter the port number on which you want SSH traffic to flow. (Default: 22). Changing the port number | + | |
**Allow Password Login: **Checking this allows clients to login via SSH with only FreshTomato' | **Allow Password Login: **Checking this allows clients to login via SSH with only FreshTomato' | ||
**Authorized Keys:** Here you can enter one or more encryption keys which authorize an SSH client to access to the LAN. | **Authorized Keys:** Here you can enter one or more encryption keys which authorize an SSH client to access to the LAN. | ||
+ | |||
+ | **Stop Now:** Clicking this button immediately stops the SSH daemon. SSH will start again at the next bootup. | ||
===== Telnet Daemon ===== | ===== Telnet Daemon ===== | ||
- | (Terminal EmuLation over the NEtwork) is a protocol which allows LAN and remote connections via a command-line interface. Telnet is not a secure protocol. | + | (Terminal EmuLation over the NEtwork) is a protocol which allows LAN and remote connections via a command-line interface. |
- | **Enable at Startup:** Checking this enables the Telnet Daemon, allowing connections to FreshTomato via Telnet. | + | **Enable at Startup: |
- | **Port:** Here, you can enter the port number on which Telnet connections will be made to the router. | + | **Port: |
- | **Stop Now / Start Now. **Clicking this button immediately stops the Telnet Daemon. | + | **Stop Now / Start Now: |
+ | |||
+ | \\ | ||
{{: | {{: | ||
Line 108: | Line 110: | ||
===== Admin Restrictions ===== | ===== Admin Restrictions ===== | ||
- | **Allowed Remote IP Address:** Here, you can specify | + | **Allowed Remote IP Address: |
- | **Limit Connection Attempts: **Here, | + | **Limit Connection Attempts: |
- | Checking SSH limits the number of SSH connection attempts to number n at frequency f (in seconds). Checking Telnet limits the number of Telnet connection attempts | + | Checking SSH limits the number of SSH connection attempts to number |
+ | |||
+ | \\ | ||
[[https:// | [[https:// | ||
+ | |||
===== Username/ | ===== Username/ | ||
- | The Username/ | + | Here, you can set FreshTomato' |
- | **Username: | + | **Username: |
- | **Password: | + | **Password: |
- | **Re-enter to confirm:** In this field, enter the password again to confirm it is correct. | + | **Re-enter to confirm: |
+ | |||
+ | \\ | ||
{{: | {{: | ||
+ | |||
+ | \\ | ||
+ | |||
+ | \\ | ||
+ | |||
+ | \\ | ||