Web interface router

1 question - is it possible to make sure that when you log into the web interface of the router, the root user is not visible? that is, to have an empty name or something else?

Question 2 - is it possible to do something so that the root user cannot connect via ssh at all, neither within the local network, nor from the outside world?

Do you still want to allow root logins? Or just to make it so the user field is not filled with root by default?

If this is a concern you're better off configuring uhttpd to bind to localhost only. Then nobody can access LuCI through any network interfaces. You can still access LuCI by SSH tunneling, which has the added benefit of using a proper secure tunnel and not plain HTTP connections.

Yes, but before you do this you need to set up additional Linux users with sudo capabilities or you will not be able to manage your device whatsoever.

Once you confirm that you can still manage your device with a non-root account, configure dropbear to disallow root logins entirely. This can be done using the RootLogin option in /etc/config/dropbear:

config dropbear
    option RootLogin 'off'
    ...

And while you're at it, set up public key authentication for your non-root account and disable password authentication using the PasswordAuth option, also in /etc/config/dropbear.

2 Likes

friend, please tell me how to make sure that root cannot log into the web interface at all, and also so that in the web interface the user field is either empty or something else is specified? thank you!

LuCI logins are controlled by rpcd. You can configure its behavior using login sections in /etc/config/rpcd. For example, the default LuCI login is given as follows:

config login
    option username 'root'
    option password '$p$root'
    list read '*'
    list write '*'

You can add/remove LuCI logins by adding/removing login sections in /etc/config/rpcd. Note that this is separate from Linux user accounts, this is only for HTTP access through rpcd (which is what LuCI depends on).

2 Likes

thank you very much friend!!!