External SSH
From DD-WRT Wiki
(Difference between revisions)
Revision as of 02:15, 3 September 2006 (edit) Drakcap (Talk | contribs) (rv. spam (great, that's just great)) ← Previous diff |
Revision as of 20:07, 20 October 2006 (edit) (undo) MarkDucadi (Talk | contribs) (→Warning!) Next diff → |
||
Line 55: | Line 55: | ||
=Warning!= | =Warning!= | ||
'''It's not too secure to set up SSH access like that. Be sure to choose a long and secure password or even better use [[Telnet/SSH_and_the_Command_Line#Setting_Up_2|Public Key Method]]. Otherwise someone could succeed to hack your router by a [http://en.wikipedia.org/wiki/Brute_force_attack Brute Force Attack].''' | '''It's not too secure to set up SSH access like that. Be sure to choose a long and secure password or even better use [[Telnet/SSH_and_the_Command_Line#Setting_Up_2|Public Key Method]]. Otherwise someone could succeed to hack your router by a [http://en.wikipedia.org/wiki/Brute_force_attack Brute Force Attack].''' | ||
+ | Also go through [http://blog.eukhost.com/2006/09/11/system-security-optimization-and-hardening/ System Security] to learn how to secure your Linux Server. | ||
[[Category:basic HOWTO]] | [[Category:basic HOWTO]] | ||
Revision as of 20:07, 20 October 2006
Contents |
Setup SSH access from Internet
DD-WRT v23 SP1 or later
Ensure SSH Enabled
- Goto the Administration tab and the Services sub-tab on the Web_Interface
- Enable "SSHd" is under the section titled "Secure Shell"
- Choose an appropriate port (The default is 22, but is recommended you change to a non-standard port above 1024 because of security)
- Apply Settings if needed
REFERENCES: Telnet/SSH_and_the_Command_Line#SSH or Sections 1.1 and 1.2 of [1]
Enable Remote Access
- Goto the Administration tab and the Management sub-tab on the Web_Interface
- Enable "SSH Management" under the section titled "Remote Access"
- Apply Settings
Disabling Remote Access
- Goto the Administration tab and the Management sub-tab on the Web_Interface
- Disable "SSH Management" under the section titled "Remote Access"
- Apply Settings
DD-WRT v23 or Earlier
Ensure SSH Enabled
- Goto the Administration tab and the Services sub-tab on the Web_Interface
- Enable "SSHd" is under the section titled "Secure Shell"
- Choose an appropriate port (The default is 22, but is recommended you change to a non-standard port above 1024 because of security)
- Apply Settings if needed
REFERENCES: Telnet/SSH_and_the_Command_Line#SSH or Sections 1.1 and 1.2 of [2]
Enable Remote Access
- Goto the Administration tab and the Diagnostics sub-tab.
- Add the following to the text area:
/usr/sbin/iptables -I INPUT -p tcp --dport $(nvram get sshd_port) -j logaccept
- Save as Firewall Script
Disabling Remote Access
- Goto the Administration tab and the Diagnostics sub-tab.
- Add the following to the text area:
/usr/sbin/iptables -D INPUT 1
- Save as Firewall Script
Warning!
It's not too secure to set up SSH access like that. Be sure to choose a long and secure password or even better use Public Key Method. Otherwise someone could succeed to hack your router by a Brute Force Attack. Also go through System Security to learn how to secure your Linux Server.
The above method is obsolete at this time: You should only now need to go to Administration->Management->Remote Access->SSH Management and enable it, specifying the port you wish to enable WAN access to.