Difference between revisions of "Manual:IP/SSH"
|Line 35:||Line 35:|
Revision as of 12:08, 18 December 2018
This menu controls if ssh server behaviour regarding port forward and authentication methods.
|forwarding-enabled (no|yes default:no)||controls ssh port forwarding|
|always-allow-password-login (no|yes default:no)||controls ssh authentication methods, if set to yes, does not remove form allowed methods password_login|
|export-host-key||exports router private RSA and DSA key|
|import-host-key||replace DSA or RSA with key provided for import. Be aware that previously imported ssh keys might stop working after key change.|
|regenerate-host-key||generated new set of private keys (DSA and RSA) on the router and replaces current ones in use. Be aware that previously imported ssh keys might stop working after key change.|
|strong-crypto (no|yes default:no)|| Introduces following changes in ssh configuration:
To use forwarding-enabled feature from Linux host using OpenSSH client this command can be used:
ssh reamoteuser@remotehost -L port:remotehost:remoteport
- remoteuser - user of router
- remotehost - router address (if host name is used in -L settings, router should be able to resolve this name)
- port - local port that your host will listen on
- remoteport - port on the router
If user requires telnet to router, but you do not want to allow it to be plain text, Following can be done:
ssh email@example.com -L 3000:192.168.88.1:23
now when user uses telnet localhost 3000" it will log in the router using telnet over encrypted tcp connection.