This shows you the differences between two versions of the page.
admin_access [2023/06/23 19:59] – -delete inappropriately-named page. Content moved to "admin-access" hogwild | admin_access [2023/06/23 21:33] (current) – [SSH Daemon] -condense, formatting hogwild | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Admin Access ====== | ||
+ | |||
+ | The Admin Access menu contains settings for who is allowed to administer the router and access the network, how those users connect, and more. The Admin Access menu is divided into sections. These sections include Web Admin, SSH Daemon, Telnet Daemon, Admin Restrictions and Username/ | ||
+ | |||
+ | |||
+ | ===== Web Admin ===== | ||
+ | |||
+ | The Web Admin section has settings to control who can access FreshTomato' | ||
+ | |||
+ | **Local Access: | ||
+ | |||
+ | * Disabled - Choosing this disables all LAN access to FreshTomato' | ||
+ | * HTTP - Choosing this allows LAN Ethernet clients to access the web interface via the HTTP protocol. | ||
+ | * HTTP Port - Here, enter the port number on which you want HTTP administration traffic to flow. (Default: 80). | ||
+ | * Allow Wireless Access - Checking this lets LAN WiFi clients access the web interface. (Default: enabled). | ||
+ | * HTTPS - Choosing this allows LAN Ethernet clients to access the web interface via the HTTPS (SSL-encrypted web) protocol. | ||
+ | * HTTPS port: Here, enter the HTTPS port number to use. (appears only if HTTPS is among the chosen options). | ||
+ | * Allow Wireless Access - Checking this lets LAN WiFi clients access the web interface via HTTPS. (Default: enabled). | ||
+ | * HTTP and HTTPS - Choosing this allows LAN Ethernet clients to access the web interface via both HTTP and HTTPS protocols. | ||
+ | * HTTP Port - Here, enter the port number on which you want HTTP administration traffic to flow. (Default: 80). | ||
+ | * HTTPS port: Here, enter the HTTPS port number to use. (appears only if HTTPS is among the chosen options). | ||
+ | * Allow Wireless Access - Checking this lets LAN WiFi clients access the web interface. (Default: enabled). | ||
+ | |||
+ | \\ | ||
+ | |||
+ | [[https:// | ||
+ | |||
+ | \\ | ||
+ | |||
+ | |||
+ | ==== SSL Certificate ==== | ||
+ | |||
+ | **Common Name (CN): **Here, enter the human-friendly name of the SSL web administrative certificate you wish to generate. | ||
+ | |||
+ | **Regenerate: | ||
+ | |||
+ | **Save in NVRAM: **TBD. | ||
+ | |||
+ | **Remote Access: | ||
+ | |||
+ | * Disabled - This prevents all access to FreshTomato' | ||
+ | * HTTP - This allows web access to FreshTomato' | ||
+ | * HTTPS - This allows web access to FreshTomato' | ||
+ | |||
+ | \\ **Unmount JFFS during upgrade:** Checking this unmounts any existing JFFS partition during firmware upgrades. :-(! | ||
+ | |||
+ | **Allow Remote Upgrade:** Enabling this allows authenticated Internet/ | ||
+ | |||
+ | **Remote Access:** This menu lets you specify which, if any protocols will be allowed when remotely accessing the web interface. | ||
+ | |||
+ | * Disabled - No Remote access to the web interface will be permitted. | ||
+ | * HTTP - Remote access via the HTTP protocol will be permitted. | ||
+ | * HTTPS - Remote access via the HTTPS protocol will be permitted. | ||
+ | |||
+ | \\ | ||
+ | |||
+ | **Allow Wireless Access: | ||
+ | |||
+ | **Directory with GUI files: | ||
+ | |||
+ | **Theme UI:** This lets you choose the color scheme (theme) used for the web interface pages. (Default: Default). | ||
+ | |||
+ | **Open Menus: | ||
+ | |||
+ | |||
+ | ===== SSH Daemon ===== | ||
+ | |||
+ | Secure SHell is a tunneling protocol that allows you to make secure local and remote connections to the FreshTomato router. With the help of the Dropbear service, it also allows you to make SSH connections //though //the router, to LAN clients. Setings here enable or disable the SSH and the Dropbear daemon, and configure their operation. | ||
+ | |||
+ | **Enable at Startup:** Checking this starts the SSH Daemon when the router boots. (Default: Enabled). | ||
+ | |||
+ | **Extended MOTD:** Checking this enables the Message of the Day function. This displays a custom message when you first log in via Telnet. The message can be important information, | ||
+ | |||
+ | \\ | ||
+ | |||
+ | [[https:// | ||
+ | |||
+ | \\ | ||
+ | |||
+ | **Remote Access: | ||
+ | |||
+ | **Remote Forwarding: **Checking this enables the Dropbear service. This service/ | ||
+ | |||
+ | For example, let's say you want to be able to access a Windows PC on your LAN via Remote Desktop, but you don't want the security risk of opening up a port for RDP to the Internet via standard Port Forwarding. Instead, you can make an SSH connection into the router with an SSH port tunnel/ | ||
+ | |||
+ | **Port: **Here, can enter the port number on which SSH traffic will flow. Changing from the default is recommended, | ||
+ | |||
+ | **Allow Password Login: **Checking this let clients login via SSH with only the normal administrative username and password. No authorized encryption key is needed. When disabled, SSH will require an authorized key to allow log on. | ||
+ | |||
+ | **Authorized Keys:** Here you can enter one or more encryption keys which authorize an SSH client to access to the LAN. | ||
+ | |||
+ | **Stop Now:** Clicking this button immediately stops the SSH daemon. SSH will start again at the next bootup. After clicking Stop Now, the button will display as "Start Now". Clicking this will immediately start the SSH daemon. | ||
+ | |||
+ | |||
+ | ===== Telnet Daemon ===== | ||
+ | |||
+ | (Terminal EmuLation over the NEtwork) is a protocol which allows LAN and remote connections via a command-line interface. Unlike SSH, Telnet is not a secure protocol. | ||
+ | |||
+ | **Enable at Startup: | ||
+ | |||
+ | **Port: | ||
+ | |||
+ | **Stop Now / Start Now: **Clicking this button immediately stops the Telnet Daemon. The daemon will restart at the next reboot (if Enable at Startup is checked). When the Daemon has stopped, this button will display as "Start Now". Clicking Start Now immediately starts the Daemon. When Telnet is finished starting, the text on this button will change back to "Stop Now". | ||
+ | |||
+ | \\ | ||
+ | |||
+ | {{: | ||
+ | |||
+ | |||
+ | ===== Admin Restrictions ===== | ||
+ | |||
+ | **Allowed Remote IP Address: | ||
+ | |||
+ | **Limit Connection Attempts: | ||
+ | |||
+ | Checking SSH limits the number of SSH connection attempts to number " | ||
+ | |||
+ | \\ | ||
+ | |||
+ | [[https:// | ||
+ | |||
+ | |||
+ | ===== Username/ | ||
+ | |||
+ | Here, you can set FreshTomato' | ||
+ | |||
+ | **Username: | ||
+ | |||
+ | **Password: | ||
+ | |||
+ | **Re-enter to confirm: | ||
+ | |||
+ | \\ | ||
+ | |||
+ | {{: | ||
+ | |||
+ | \\ | ||
+ | |||
+ | \\ | ||
+ | |||
+ | \\ | ||
+ | |||
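Review bot: In the SSH Daemon section, the Extended MOTD entry says the message is displayed "when you first log in via Telnet", which contradicts the section it sits in; state which login actually shows it. The same section is unclear on whether SSH and Dropbear are one daemon or two: the intro speaks of "the SSH and the Dropbear daemon", while Remote Forwarding says checking it "enables the Dropbear service". Pick one description and use it in both places. Authorized Keys calls the entries "encryption keys"; since Allow Password Login depends on them for key-only logon, say what kind of key is expected and in what format. Under SSL Certificate, "Save in NVRAM: TBD." is a placeholder left in the published text, and Remote Access is documented twice (once under SSL Certificate and again after Allow Remote Upgrade) with different wording; keep one copy and move it out of the certificate subsection. Smaller points: the stray ":-(!" after the "Unmount JFFS during upgrade" description, "though" for "through" and "Setings" in the SSH intro, "Here, can enter" under Port, "let clients login" under Allow Password Login, and the Telnet Daemon paragraph opening with a parenthesis and no subject.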