

custom_ssl_cert_local_cert_authority

Differences

This shows you the differences between two versions of the page.

custom_ssl_cert_local_cert_authority [2025/11/12 23:31] – [Set up Root with Elliptical Curve SSH Keys] hogwild
custom_ssl_cert_local_cert_authority [2025/11/13 01:57] (current) – [Prerequisites] -Formatting hogwild
Line 18: Line 18:
 ===== Prerequisites ===== ===== Prerequisites =====
  \\   \\ 
-  - A FreshTomato router with approximately 2.5 kB of free NVRAM. \\ (Check "Used / Total NVRAM" in the Overview menu) +  - A FreshTomato router with approximately 2.5 kB of free NVRAM. \\ (Check "Used / Total NVRAM" in the Overview menu) \\ \\ 
   - Any Linux distro with which you are comfortable. \\ The Certificate Authority will be built in the "/root/ca" directory.   - Any Linux distro with which you are comfortable. \\ The Certificate Authority will be built in the "/root/ca" directory.
  \\   \\ 
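Review bot: The first Prerequisites item now ends with a trailing "\\ \\" after "(Check "Used / Total NVRAM" in the Overview menu)", while the second item ("Any Linux distro with which you are comfortable.") has none, so the spacing between list items now depends on forced line breaks on one item only. Apply the same spacing to both items or drop it, and consider stating what the 2.5 kB of NVRAM will hold so readers know why the check matters.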
Line 434: Line 433:
 ==== Set up Root with Elliptical Curve SSH Keys ==== ==== Set up Root with Elliptical Curve SSH Keys ====
  
- \\  (This is done with root credentials because the certificates must be installed in FreshTomato. Using root access helps avoid unsecured steps in between). \\   \\  Change to the: "/root" directory: \\   \\   \\  ''cd /root'' \\   \\   \\   \\   \\ Generate a public and private SSH key pair using the Ed25519 hashing algorithm. Add a comment containing a default email address to the key: \\   \\   \\ ''ssh-keygen -t ed25519 -C "your_email@example.com"'' FIXME \\   \\   \\   \\   \\ Display the contents of the public SSH key file: "/root/.ssh/id_ed25519.pub": \\   \\   \\ ''cat /root/.ssh/id_ed25519.pub'' \\ (The contents should look similar to: "ssh-ed25519 AAA....Oo your_email@example.com" copy the whole thing) FIXME \\   \\   \\   \\   \\ Now, connect to the router's web interface and go to the Admin Access menu. In the SSH Server section, paste the output copied from the previous step in the "Authorized keys" section). \\   \\   \\ Uncheck: \\+\\  (This is done with root credentials because the certificates must be installed in FreshTomato. Using root access helps avoid unsecured steps in between). \\  \\  Change to the: "/root" directory: \\  \\  \\  ''cd /root'' \\  \\  \\  \\  \\  Generate a public/private SSH key pair using the Ed25519 hashing algorithm. Add a comment containing a default email address to the key: \\  \\  \\  ''ssh-keygen -t ed25519 -C "your_email@example.com"''\\  \\  \\  \\  \\  Display the contents of the public SSH key file: "/root/.ssh/id_ed25519.pub": \\  \\  \\  ''cat /root/.ssh/id_ed25519.pub'' \\  (The contents should look similar to: "ssh-ed25519 AAA....Oo your_email@example.com". Copy all of it for use in the next step.\\  \\  \\  \\  \\  Now, connect to the router's web interface and go to the Admin Access menu. In the SSH Server section, paste the output copied from the previous step in the "Authorized keys" section). \\  \\  \\  Uncheck: \\
  
   * "Allow password login"   * "Allow password login"
   *  "WAN access"   *  "WAN access"
  
- \\ Now, check: \\+\\  Now, check: \\
  
   * "Enable on Startup", then "Save." \\   * "Enable on Startup", then "Save." \\
  
- \\   \\   \\   \\ Finally, click "Start Now" to restart the SSH server. \\   \\   \\   \\+\\  \\  \\  \\  Finally, click "Start Now" to restart the SSH server. \\  \\  \\  \\
  
  
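Review bot: In the rewritten key-generation step, "using the Ed25519 hashing algorithm" is still inaccurate: Ed25519 is an elliptic-curve signature scheme, not a hash, so "an Ed25519 key pair" would be correct, and the unchanged heading's "Elliptical Curve" should read "Elliptic Curve". The parenthesis opened at "(The contents should look similar to:" is no longer closed after "Copy all of it for use in the next step.", and the stray ")" after the "Authorized keys" section is still there; close it at the end of the copy instruction and drop the later one. Because this key is generated for root and becomes the only way to log in over SSH once "Allow password login" is unchecked, the ssh-keygen step should also say whether to set a passphrase at the prompt.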
custom_ssl_cert_local_cert_authority.1762990276.txt.gz · Last modified: by hogwild