This shows you the differences between two versions of the page.
admin_access [2023/06/23 19:59] – -delete inappropriately-named page. Content moved to "admin-access" hogwild | admin_access [2023/06/23 21:22] – [Admin Restrictions] -formatting hogwild | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Admin Access ====== | ||
+ | |||
+ | The Admin Access menu contains settings for who is allowed to administer the router and access the network, how those users connect, and more. The Admin Access menu is divided into sections. These sections include Web Admin, SSH Daemon, Telnet Daemon, Admin Restrictions and Username/ | ||
+ | |||
+ | |||
+ | ===== Web Admin ===== | ||
+ | |||
+ | The Web Admin section has settings to control who can access FreshTomato' | ||
+ | |||
+ | **Local Access: | ||
+ | |||
+ | * Disabled - Choosing this disables all LAN access to FreshTomato' | ||
+ | * HTTP - Choosing this allows LAN Ethernet clients to access the web interface via the HTTP protocol. | ||
+ | * HTTP Port - Here, enter the port number on which you want HTTP administration traffic to flow. (Default: 80). | ||
+ | * Allow Wireless Access - Checking this lets LAN WiFi clients access the web interface. (Default: enabled). | ||
+ | * HTTPS - Choosing this allows LAN Ethernet clients to access the web interface via the HTTPS (SSL-encrypted web) protocol. | ||
+ | * HTTPS port: Here, enter the HTTPS port number to use. (appears only if HTTPS is among the chosen options). | ||
+ | * Allow Wireless Access - Checking this lets LAN WiFi clients access the web interface via HTTPS. (Default: enabled). | ||
+ | * HTTP and HTTPS - Choosing this allows LAN Ethernet clients to access the web interface via both HTTP and HTTPS protocols. | ||
+ | * HTTP Port - Here, enter the port number on which you want HTTP administration traffic to flow. (Default: 80). | ||
+ | * HTTPS port: Here, enter the HTTPS port number to use. (appears only if HTTPS is among the chosen options). | ||
+ | * Allow Wireless Access - Checking this lets LAN WiFi clients access the web interface. (Default: enabled). | ||
+ | |||
+ | \\ | ||
+ | |||
+ | [[https:// | ||
+ | |||
+ | \\ | ||
+ | |||
+ | |||
+ | ==== SSL Certificate ==== | ||
+ | |||
+ | **Common Name (CN): **Here, enter the human-friendly name of the SSL web administrative certificate you wish to generate. | ||
+ | |||
+ | **Regenerate: | ||
+ | |||
+ | **Save in NVRAM: **TBD. | ||
+ | |||
+ | **Remote Access: | ||
+ | |||
+ | * Disabled - This prevents all access to FreshTomato' | ||
+ | * HTTP - This allows web access to FreshTomato' | ||
+ | * HTTPS - This allows web access to FreshTomato' | ||
+ | |||
+ | \\ **Unmount JFFS during upgrade:** Checking this unmounts any existing JFFS partition during firmware upgrades. :-(! | ||
+ | |||
+ | **Allow Remote Upgrade:** Enabling this allows authenticated Internet/ | ||
+ | |||
+ | **Remote Access:** This menu lets you specify which, if any protocols will be allowed when remotely accessing the web interface. | ||
+ | |||
+ | * Disabled - No Remote access to the web interface will be permitted. | ||
+ | * HTTP - Remote access via the HTTP protocol will be permitted. | ||
+ | * HTTPS - Remote access via the HTTPS protocol will be permitted. | ||
+ | |||
+ | \\ | ||
+ | |||
+ | **Allow Wireless Access: | ||
+ | |||
+ | **Directory with GUI files: | ||
+ | |||
+ | **Theme UI:** This lets you choose the color scheme (theme) used for the web interface pages. (Default: Default). | ||
+ | |||
+ | **Open Menus: | ||
+ | |||
+ | |||
+ | ===== SSH Daemon ===== | ||
+ | |||
+ | Secure SHell is a tunneling protocol that allows you to make secure local and remote connections to the FreshTomato router. With the help of the Dropbear service, it also allows you to make SSH connections //though //the router, to LAN client devices. Setings in this section let you enable or disable the SSH Daemon and the Dropbear daemon, and configure their operation. | ||
+ | |||
+ | **Enable at Startup:** Checking this starts the SSH Daemon when the router boots. (Default: Enabled). | ||
+ | |||
+ | **Extended MOTD:** Checking this enables the Message of the Day function. This function displays a custom message when you first log in via Telnet. The message can be can be important information or updates about the system or just a personal greeting from the system administrator. | ||
+ | |||
+ | \\ | ||
+ | |||
+ | [[https:// | ||
+ | |||
+ | \\ | ||
+ | |||
+ | **Remote Access: | ||
+ | |||
+ | **Remote Forwarding: **Checking this enables the Dropbear service. This service/ | ||
+ | |||
+ | For example, let's say you want to be able to access a Windows PC on your LAN via Remote Desktop, but you don't want the security risk of opening up a port for RDP to the Internet via standard Port Forwarding. Instead, you can make an SSH connection into the router with an SSH port tunnel/ | ||
+ | |||
+ | **Port: **Here, you can enter the port number on which you want SSH traffic to flow. (Default: 22). Changing the port from the default is highly recommended, | ||
+ | |||
+ | **Allow Password Login: **Checking this allows clients to login via SSH with only FreshTomato' | ||
+ | |||
+ | **Authorized Keys:** Here you can enter one or more encryption keys which authorize an SSH client to access to the LAN. | ||
+ | |||
+ | **Stop Now:** Clicking this button immediately stops the SSH daemon. SSH will start again at the next bootup. | ||
+ | |||
+ | |||
+ | ===== Telnet Daemon ===== | ||
+ | |||
+ | (Terminal EmuLation over the NEtwork) is a protocol which allows LAN and remote connections via a command-line interface. Unlike SSH, Telnet is not a secure protocol. | ||
+ | |||
+ | **Enable at Startup:** Checking this enables the Telnet Daemon, allowing connections to FreshTomato via Telnet. | ||
+ | |||
+ | **Port:** Here, you can enter the port number on which Telnet connections will be made to the router. (Default: 23). | ||
+ | |||
+ | **Stop Now / Start Now. **Clicking this button immediately stops the Telnet Daemon. The Telnet daemon will restart at the next reboot (if Enable at Startup is checked). When the Telnet Daemon has stopped, this button will change to read "Start Now". Clicking Start Now immediately starts the Telnet Daemon. When Telnet is finished starting, the text on this button will change back to "Stop Now". | ||
+ | |||
+ | \\ | ||
+ | |||
+ | {{: | ||
+ | |||
+ | |||
+ | ===== Admin Restrictions ===== | ||
+ | |||
+ | **Allowed Remote IP Address: | ||
+ | |||
+ | **Limit Connection Attempts: | ||
+ | |||
+ | Checking SSH limits the number of SSH connection attempts to number " | ||
+ | |||
+ | \\ | ||
+ | |||
+ | [[https:// | ||
+ | |||
+ | |||
+ | ===== Username/ | ||
+ | |||
+ | The Username/ | ||
+ | |||
+ | **Username: | ||
+ | |||
+ | **Password: | ||
+ | |||
+ | **Re-enter to confirm:** In this field, enter the password again to confirm it is correct. The password will be changed only when the text entered in this field and in the Password field match exactly. | ||
+ | |||
+ | {{: | ||
+ | |||
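Review bot: In the Web Admin section, "Remote Access" is documented twice, once under the "SSL Certificate" heading and again after "Allow Remote Upgrade", each with its own Disabled/HTTP/HTTPS list. Merge them into a single entry placed outside the SSL Certificate subsection, so readers do not take them for two different settings. In the same section, "Save in NVRAM: TBD." is still a placeholder and the "Unmount JFFS during upgrade" line ends in a stray ":-(!"; both should be resolved before this revision stands. Under SSH Daemon, the Extended MOTD entry says the message is shown "when you first log in via Telnet", which should be checked against the section it sits in, and the intro has the typos "though" (for "through") and "Setings". The Telnet Daemon paragraph opens with the parenthetical expansion and no subject, so it should start with "Telnet". Because that paragraph already says Telnet is not a secure protocol, its "Enable at Startup" entry should state the default the way the SSH entry does ("Default: Enabled"), so a reader can tell whether the insecure service is on out of the box.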