Ssh secure or not?


About ssh, on dd wrt the ssh option is disable by default cause it supposed to be not really safe but here it enable. I wonder why?

And , Ive configured my ssh putty + key authentification + passphrase.

Am i ok now, secure? And, Do i need to keep ssh disable in luci between my putty's session?

SSH access should be more secure than LuCI access in any imaginable case.


Ok but you need to secure ssh protocol more than just your web interface password?

  • The passwords are the same
  • Web (without HTTPS) is plain text, so obviously SSH is more secure

Do you have a specific how to make a key for SSH instead of a password?

(It seems you've completed that, though)

I've never heard that. I've heard this about Telnet; but not SSH.

Did you use a secure password?

NortonLifeLock Password Generator

(but you said you used a key...I'm really lost at what makes you think the SSH protocol is insecure...but a HTTP web interface is secure???)

1 Like

I think the default SSH configuration for OpenWrt is reasonable secure, at least for me personally it is secure enough to also expose it to the WAN.

Usually you do not need to take extra measures to protect your SSH access somehow except for choosing a good, strong password.

To further increase your SSH security you could switch to using keys instead of a password and disable SSH password login completely.


And the best is using ssh via ethernet cable to router I guess or even via wifi, no problem?

Thanks again

And if I disable the password login, it does not mean that I dont need a password anymore right?

Just to be sure .. for exemple, if I disable the ssh password login, I can't have access to a session in putty right? Dont know if I'm clear enough:-)

Can't PuTTY handle keys? If it cannot disabling password login won't allow you to use PuTTY. Personally, for WAN SSH connections I enforce keys.


Your WiFi security is another, is your WPA2 or greater AP secured with a good passphrase?

BTW, WiFi is disabled by default in OpenWrt; but please note the disabled settings are configured as Open. You must set this up as you desire (e.g. changing to your SSID from the default OpenWrt), do so securely and enable it yourself.

Regardless, SSH is you have an actual security concern in your inquires?

EDIT: Also, be careful making changes over WiFi that may cause you to loose connection to the router/AP.