Is it ok to disable SSH through Web GUI?

As i have physical access to the router and have no plans on remote access is it ok to disable SSH?

If i understand it correctly i can still use SSH in fail safe mode if i have a bad system upgrade?

Thanks

I would rather keep SSH, but block external connections, if that is what worries you.

4 Likes

Unless you have severe problems with RAM exhaustion, SSH is generally considered more secure than HTTP, and at least as secure as HTTPS.

5 Likes

…and if you are fighting with RAM exhaustion, luci/ uhttpd (ustream-ssl) would be the last thing you'd want to leave running, as those need considerably more resources than a ssh session.

6 Likes

It is a bad idea. It doesn't use too many resources and you never know when you might need it. Moreover it can be fine tuned for security, such as logging in with keys.

4 Likes

LOL , i found out the importance of keeping SSH about 10mins after starting this thread. :grinning:

I've installed OpenWrt on a Linksys EA6350 and Luci isn't working, all i have at the moment is SSH and Ping working on 192.168.1.1

Thanks all

2 Likes

Does firmware marked as Snapshot mean i have to install Luci?

That's correct.

2 Likes

Thanks tmomas

Does that mean the post in this thread by Borromini that Luci has been added 19.07 is incorrect?

Snapshot and version 19 are not the same thing.

2 Likes

People using terms like latest snapshot of 19 or daily builds makes things confusing , going between here the wiki and google and terminology that you have never heard before is like trying to learn a foreign language from reading a dictionary where you don't understand the words or how to pronounce them.

Hopefully it will sink in at some point so i will start sounding like a expert and can help others from this steep learning curve.:grinning:

2 Likes

I completely understand. Here's a direct link to the subject in the Wiki:

https://openwrt.org/releases/snapshot

And a simple "learning table":

https://openwrt.org/playground/snapshot

Sorry if this feels like 1 step forward and 3 backwards but i'm still totally confused.

here is the version i installed:

https://openwrt.org/toh/linksys/linksys_ea6350_v3

I didn't have Luci and since found out you need to install it yourself as snapshots don't include them.

here is the version that people said in another thread includes Luci and as you said as well 19 isn't a snapshot.

https://downloads.openwrt.org/releases/19.07-SNAPSHOT/targets/ipq40xx/generic/

But at the top it says snapshot , not sure if i'm articulating myself very well but can you see how confusing it is with what people say on here and the Wiki and alike seems to contradict itself.

If the forum and the wiki doesn't contradict itself and makes complete sense then i'm embarrassed for being a complete idiot. :grinning:

I haven't checked that particular image, but the rule of thumb is that regular snapshots don't include LuCI. If that build you are referring to includes LuCI it could be that it's because it's near-release, but marked as snapshot to let people know it's bit an offecial release yet.

Anyway, if you install an image and it had LuCI then you don't install it; if it doesn't have it then you install it if you want.

1 Like

Well this is proving to be a painful experience!

I scp installed the 19 snapshot (that isn't a snapshot) and got Luci but by the wiki i now have to install SSL as that doesn't come as standard even though it expresses it as a security concern.

I can't get on the internet to install SSL as Luci refuses to save Wan Mac address changes , Lan override works but that's no use to me so i put it back to to the default address.

Its starting feel like a house where you have to put in all the windows , doors and locks without any tools or DIY skills. :grinning:

Sounds like a new thread around what you’re trying to accomplish with MAC changes may help. It’s not a common thing to change.

At least on v19 you should be able to install LuCI-nginx for TLS.

1 Like

I'll ask in the EA6300 thread as i'm unsure if this is a Luci issue or the EA6350 sysupgrade , the option is there in Luci but it doesn't do anything.

Thanks for the heads up on nginx , i'll try and get my Wan fixed first as there is a lot to read.

Since that isn't a support thread, but one that long ago was about developing the code for the device, at least in my opinion, your own would be more appropriate (your issue is also likely very general)

Thanks but i already posted before seeing your post. :grinning:

If it doesn't get a reply i'll try a new thread as all i need now is to fix Wan and SSL for Luci and i'm pretty much sorted by the looks of it as all the other default settings seem pretty much the same as my previous router.

Yes. failsafe mode ignores your configuration and uses default config, so whatever you changed (enabled/disabled services, changed IP, installed packages) will be ignored and you will find your device in its default state.

1 Like