Posts | Tags | Archive

Securely Access Your Tomato Router Remotely

Note

This post is heinously out of date but I'm keeping it around for historical purposes anyway

While I was configuring Wake-on-LAN for my computers I took some time to enable remote access to my Tomato router and secure it properly, this forum post was especially helpful. Under Administration->Admin Access the most important settings are:

  • Under Local Access choose HTTP & HTTPS or just HTTPS, the default ports of 80 and 443 respectively are fine, as this is behind the firewall that is your router.

  • Under Remote Access select HTTPS and choose an unused port, something like 2525 or 8998.

  • For the SSH Daemon check Enable at Startup, Remote Access, choose an unused port for Remote Port as above, check Remote Forwarding and leave at the default port of 22 and check Allow Password Login.

  • Disable Telnet Daemon, it’s too insecure to ever consider using. Also you can Limit Connection Attempts to some low-ish number for bonus security.

  • Finally choose Password that isn’t embarrassingly easy to crack, such as happened with Anonymous vs HBGary and Gawker accounts recently.

Instead of Allow Password Login some people prefer use the Authorized Keys option, which is fine as it is generally more secure than a password, but also more of a hassle in a home network setting. Since you can already log into the router’s interface with a password what is the big deal about using SSH with a password? Nothing that’s what. If you’d like to go the Key route this is a good walkthrough using PuTTYgen.

Speaking of PuTTY you should go download it, as it is the best SSH client available for windows and it’s free. If you’re not familiar with PuTTY this is a handy guide. Now you should be able to connect to your router remotely though your WAN IP (easier if you’ve setup a DynDNS account) and the Remote Access port you selected above. In a pinch you can also use SSH from your iPhone but from what I’ve read the only free SSH app is the Rove Mobile Admin Client, of course there are plenty of paid ones such as iSSH if you’ve got $10 to blow.

Tomato admin setup

© Justin Montgomery. Built using Pelican. Theme is subtle by Carey Metcalfe. Based on svbhack by Giulio Fidente.