This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
admin_access [2021/06/23 03:22] – old revision restored (2021/06/23 02:22) hogwild | admin_access [2023/06/23 21:33] (current) – [SSH Daemon] -condense, formatting hogwild | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Admin Access ====== | ====== Admin Access ====== | ||
- | The Admin Access menu contains settings for who is allowed to administer the router and access the network, how those users can connect, and related settings. The Admin Access menu is divided into sections. | + | The Admin Access menu contains settings for who is allowed to administer the router and access the network, how those users connect, and more. The Admin Access menu is divided into sections. |
- | ===== Web Admin ===== | ||
- | The Web Admin section has settings to control who can access FreshTomato' | + | ===== Web Admin ===== |
- | ==== Local Access ==== | + | The Web Admin section has settings to control who can access FreshTomato' |
- | This menu contains choices to control | + | **Local Access: |
- | * Disabled: Choosing this disables all access to FreshTomato' | + | * Disabled |
- | * HTTP Port: Choosing this allows LAN client access | + | * HTTP - Choosing this allows LAN Ethernet clients |
- | * HTTPS: Choosing this allows LAN client access | + | * HTTP Port - Here, enter the port number on which you want HTTP administration traffic to flow. (Default: 80). |
- | * HTTP and HTTPS: Choosing this allows LAN client | + | * Allow Wireless Access - Checking this lets LAN WiFi clients access the web interface. (Default: enabled). |
+ | * HTTPS - Choosing this allows LAN Ethernet clients | ||
+ | * HTTPS port: Here, enter the HTTPS port number to use. (appears only if HTTPS is among the chosen options). | ||
+ | * Allow Wireless Access - Checking this lets LAN WiFi clients access the web interface via HTTPS. (Default: enabled). | ||
+ | * HTTP and HTTPS - Choosing this allows LAN Ethernet clients to access | ||
+ | * HTTP Port - Here, enter the port number on which you want HTTP administration traffic to flow. (Default: 80). | ||
+ | * HTTPS port: Here, enter the HTTPS port number to use. (appears only if HTTPS is among the chosen options). | ||
+ | * Allow Wireless Access - Checking this lets LAN WiFi clients access the web interface. (Default: enabled). | ||
- | **HTTP Port:** In this field, enter the port number on which you want HTTP administration traffic to flow. (Default: 80). | + | \\ |
[[https:// | [[https:// | ||
- | **HTTPS port:** Here, enter the https port number you wish to use. (This option appears only if HTTPS is among the chosen options). | + | \\ |
==== SSL Certificate ==== | ==== SSL Certificate ==== | ||
- | **Common Name (CN):** | + | **Common Name (CN): **Here, enter the human-friendly name of the SSL web administrative certificate you wish to generate. |
- | **Regenerate: | + | **Regenerate: |
- | **Save in NVRAM:** | + | **Save in NVRAM: **TBD. |
- | **Remote Access: | + | **Remote Access: |
- | * Disabled: This prevents all access to FreshTomato' | + | * Disabled |
- | * HTTP: This allows web access to FreshTomato' | + | * HTTP - This allows web access to FreshTomato' |
- | * HTTPS: This allows web access to FreshTomato' | + | * HTTPS - This allows web access to FreshTomato' |
- | **Allow Wireless Access:** Checking this allows wireless clients, as well as Ethernet clients to access the web interface. | + | |
- | **Directory with GUI files:** Here, you can select the directory which contains the files which provide the graphical web interface. \\ CAUTION: It is not recommended you change | + | **Allow Remote Upgrade:** Enabling |
- | **Color Scheme:** Here, you can choose the color scheme used for the web interface pages. | + | **Remote Access:** This menu lets you specify which, if any protocols will be allowed when remotely accessing the web interface. |
+ | |||
+ | * Disabled - No Remote access to the web interface will be permitted. | ||
+ | * HTTP - Remote access via the HTTP protocol will be permitted. | ||
+ | * HTTPS - Remote access via the HTTPS protocol will be permitted. | ||
+ | |||
+ | \\ | ||
+ | |||
+ | **Allow Wireless Access: | ||
+ | |||
+ | **Directory with GUI files:** Here, select the directory which contains the files that provide the graphical web interface. \\ CAUTION: Do not change this setting unless you're experienced. An error could prevent you from accessing the web interface. | ||
+ | |||
+ | **Theme UI:** This lets you choose the color scheme | ||
+ | |||
+ | **Open Menus: | ||
- | **Open Menus: | ||
===== SSH Daemon ===== | ===== SSH Daemon ===== | ||
- | **S**ecure **SH**ell | + | Secure SHell is a tunneling protocol |
**Enable at Startup:** Checking this starts the SSH Daemon when the router boots. (Default: Enabled). | **Enable at Startup:** Checking this starts the SSH Daemon when the router boots. (Default: Enabled). | ||
- | **Extended MOTD:** Checking this enables the Message of the Day function. This function | + | **Extended MOTD:** Checking this enables the Message of the Day function. This displays a custom message when you first log in via Telnet. The message can be important information, updates about the system or just a personal greeting. |
+ | |||
+ | \\ | ||
[[https:// | [[https:// | ||
- | **Remote Access:** Checking this allows SSH connections from remote (WAN/ | + | \\ |
- | **Remote | + | **Remote |
- | **Port: **Here, you can enter the port number | + | **Remote Forwarding: **Checking this enables |
- | **Allow Password Login: **Checking this allows | + | For example, let's say you want to be able to access a Windows PC on your LAN via Remote Desktop, but you don't want the security risk of opening up a port for RDP to the Internet via standard Port Forwarding. Instead, you can make an SSH connection into the router with an SSH port tunnel/ |
+ | |||
+ | **Port: **Here, can enter the port number on which SSH traffic will flow. Changing from the default is recommended, | ||
+ | |||
+ | **Allow Password Login: **Checking this let clients login via SSH with only the normal | ||
**Authorized Keys:** Here you can enter one or more encryption keys which authorize an SSH client to access to the LAN. | **Authorized Keys:** Here you can enter one or more encryption keys which authorize an SSH client to access to the LAN. | ||
+ | |||
+ | **Stop Now:** Clicking this button immediately stops the SSH daemon. SSH will start again at the next bootup. After clicking Stop Now, the button will display as "Start Now". Clicking this will immediately start the SSH daemon. | ||
+ | |||
===== Telnet Daemon ===== | ===== Telnet Daemon ===== | ||
- | (Terminal EmuLation over the NEtwork) is a protocol which allows LAN and remote connections via a command-line interface. Telnet is not a secure protocol. | + | (Terminal EmuLation over the NEtwork) is a protocol which allows LAN and remote connections via a command-line interface. |
- | **Enable at Startup:** Checking this enables the Telnet Daemon, allowing connections to FreshTomato via Telnet. | + | **Enable at Startup: |
- | **Port:** Here, you can enter the port number on which Telnet connections will be made to the router. | + | **Port: |
- | **Stop Now / Start Now. **Clicking this button immediately stops the Telnet Daemon. | + | **Stop Now / Start Now: |
+ | |||
+ | \\ | ||
{{: | {{: | ||
+ | |||
===== Admin Restrictions ===== | ===== Admin Restrictions ===== | ||
- | **Allowed Remote IP Address:** Here, you can specify | + | **Allowed Remote IP Address: |
+ | |||
+ | **Limit Connection Attempts: | ||
- | **Limit Connection Attempts: **Here, you can specify whether you want SSH or Telnet | + | Checking SSH limits the number of SSH connection attempts to number |
- | Checking SSH limits the number of SSH connection attempts to number n at frequency f (in seconds). Checking Telnet limits the number of Telnet connection attempts to number n at frequency s (in seconds). | + | \\ |
[[https:// | [[https:// | ||
+ | |||
===== Username/ | ===== Username/ | ||
- | The Username/ | + | Here, you can set FreshTomato' |
- | **Username: | + | **Username: |
- | **Password: | + | **Password: |
- | **Re-enter to confirm:** In this field, | + | **Re-enter to confirm: |
+ | |||
+ | \\ | ||
{{: | {{: | ||
+ | |||
+ | \\ | ||
+ | |||
+ | \\ | ||
+ | |||
+ | \\ | ||