Securing OpenWRT
Enabling HTTPS:
Install Required Packages:
2. Restart httpd server
This will generate the certificate:
Optionally remove the key generator:
3. Disable or rebind router listening on plain HTTP
:
Disable:
Or rebind all
LAN
connections to redirectHTTP
toHTTPS
Restart
HTTPD
This should be reachable via HTTPS now. Done!
Setting up the root password:
LuCI
Navigate to
LuCI
-->System
-->Administration
-->Router Password
Enter new password
Click
Save & Apply
CLI
Done!
SSH Access:
Do not offer access from the Internet at all
Create a non-privaleged user:
Add user:
Change user
password
:
Create user
home
:
Add entry:
Add user to
sudo
:
Install sudo:
Modify sudoers
file to use sudo
with root
password prompt:
or
Uncomment the following lines:
This method is more secure because you don't need to protect both root and privileged (sudoer) users to keep the whole system safe.
Add
SSH
Key to newUser
:
Add Public Key to file
Note: OpenWRT
only works with RSA
Keys. ed25519
Keys will not work!
Modify Port & Authentication
Navigate to
System
-->Administration
Click on
SSH Access
Change
Port
Disable
Password authentication
Disable
Allow root logins with password
Save & Apply
Done!
Disable IPV6:
Last updated