Tomato Remote Access and SSH

Discussion in 'Tomato Firmware' started by 2eyes1head, Dec 9, 2009.

  1. 2eyes1head

    2eyes1head Addicted to LI Member

    I want to log into Tomato remotely using Putty and establish a tunnel to Tomato for opening the Tomato web page by using the web address https://localhost:[my local port]. I can establish the SSH link with Putty. I have created a tunnel from a local port to Tomato's port 443 using Tomato's external IP address. In firefox I use https://localhost:[my local port], but I am still prompted for a username and password.
    Maybe I am not understanding SSH and the use of the keys. Do the keys not replace the need to log in with the username and password? I'm thinking that maybe the SSH just secures my data, but the login is still needed to access Tomato, right?
    Every time I log into the router I get the "This Connection is Untrusted" message from firefox and need to add an exception. How can I add this exception permanently?
    Why is it that even after unchecking the "Allow Password Login", I can still log in to Tomato without SSH, by just going to https://[my router's IP]?
    My main goal is to secure the router so that logging in is only possible with an SSH connection and the use of keys. Am I missing anything or should I change something?
    And my last question. Where can I find a good site with setup/configuration information for Tomato? The FAQ and WIKI pages don't seem to have much information and the search function of this forum is not working (at least my searches always returned nothing).

    Thank you very much.

    In Tomato version 1.27 here is my Admin Access setup:
    Web Admin
    Local Access: HTTPS
    HTTPS Port: 443
    Remote Access: HTTPS
    Port: 443
    SSH Daemon
    Enable at Startup: checked
    Remote Access: checked
    Remote Port: 4632
    Port: 46
    Allow Password Login: unchecked
    Authorized Keys: filled with key
  2. jan.n

    jan.n LI Guru Member

    Yes, that's the correct behaviour.

    The keys don't replace the authentication in your web-browser. Let me explain it like this: "This key-thing is just about ssh-stuff."


    In German that's "Ich kenne das Risiko", a translation would be "I know the risk". Check that part...

    You need to understand that there are two different types of authentication involved here. One is ssh, the other the webinterface. You can log in to Tomato without ssh by going to https... because you specified
    Remote Access: HTTPS
    Port: 443
    Set "Remote Access" to disabled. That disables the remote access to the webinterface. Note that this has nothing to do with your ssh access.

    This forum is my primary source for all information concerning tomato. I very rarely (i.e. almost never) have to google or ask elsewhere...

    The search shows results, just tried it. What were your search words?
  3. nvtweak

    nvtweak LI Guru Member

    Both HTTPS and SSH uses encryption. Therefore it's not necessary to use an SSH tunnel if you already have remote HTTPS enabled. And vice versa (it's not necessary to use HTTPS if you have remote SSH enabled).

    If you use SSH keys then no you don't need to provide a password for SSH access (unless of course you encrypted your private key using a passphrase).
  4. 2eyes1head

    2eyes1head Addicted to LI Member

    I am searching for the word "ssh" in all open forums, by anybody, in all post, any date, etc. The message I get is "Sorry - no matches. Please try some different terms."
  5. jan.n

    jan.n LI Guru Member

    I can confirm this issue...
  6. jan.n

    jan.n LI Guru Member

    I get results searching for the terms "victek" and "sshd", I don't get any searching for "ssh" though. Perhaps this forum requires more than 3 characters in search words?
  7. Planiwa

    Planiwa Network Guru Member


    tomato ssh key

    (very useful results)
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice