Is it possible to disable password if connecting from LAN to Luci?
It's a bit annoying to do enter it every time.
you can setup an ssh key
... or just don't set any.
not a good idea because i have exposed ssl port to WAN
This is actually not a good idea. If you need to be able to remotely access/administer the router, use a VPN. It's much more secure. The webserver is not hardened for exposure to the internet.
2 Likes
set up a 2nd web server, like lighttpd, for external access, have it use .htpasswd or some other way of authentication, and leave the luci pass empty.
agree with @psherman though.
1 Like
actually a good idea setting up a reverseproxy.
If you use HTTP basic auth, LuCI will automatically login if the passed credentials match. You could setup your reverse proxy to automatically add an authorization header for backend requests towards LuCI.
Another alternative is modifying /usr/share/luci/menu.d/luci-base.json and removing/emptying the auth: {} entries.
4 Likes
Is this still true? I tried adding the appropriate header via haproxy, which I've sat in front of nginx/luci, to no avail. Still definitely getting a login screen.
my haproxy config includes:
http-request add-header Authorization "Basic base64-encoded-user:pass-here