Changes

Line 107: Line 107:  
provides information about the fields contained in that section:
 
provides information about the fields contained in that section:
   −
[[File:Networking_rutos_ntp_general_gps_{{{gps}}}.png|border|class=tlt-border]]
+
[[File:Networking_rutos_ntp_general_gps_{{{gps}}}_v2.png|border|class=tlt-border]]
    
<table class="nd-mantable">
 
<table class="nd-mantable">
Line 137: Line 137:  
     </tr>|}}
 
     </tr>|}}
 
</table>
 
</table>
 +
 
===NTP===
 
===NTP===
 
----
 
----
Line 265: Line 266:  
----
 
----
 
The <b>Access Control</b> page is used to manage {{#switch:{{{series}}}|TAP100|TAP200=|#default= remote and}} local access to device.
 
The <b>Access Control</b> page is used to manage {{#switch:{{{series}}}|TAP100|TAP200=|#default= remote and}} local access to device.
 +
 +
{{#switch:{{{series}}}
 +
|TAP100|TAP200 = [[File:Networking rutos manual administration access control general tap v1.png|border|class=tlt-border]]
 +
|#default = [[File:Networking rutos manual administration access control general v1.png|border|class=tlt-border]]}}
    
{{#switch:{{{series}}}|TAP100|TAP200=|#default=<b>Important</b>: turning on remote access leaves your device vulnerable to external attackers. Make sure you use a strong password.
 
{{#switch:{{{series}}}|TAP100|TAP200=|#default=<b>Important</b>: turning on remote access leaves your device vulnerable to external attackers. Make sure you use a strong password.
Line 270: Line 275:  
<b>SSH</b>
 
<b>SSH</b>
 
----{{#switch:{{{series}}}
 
----{{#switch:{{{series}}}
|TAP100|TAP200 = [[File:Networking_rutos_manual_administration_access_control_general_ssh_tap100_v1.png|border|class=tlt-border]]
+
|TAP100|TAP200 = [[File:Networking_rutos_manual_administration_access_control_general_ssh_tap100_v3.png|border|class=tlt-border]]
|#default = [[File:Networking_rutos_manual_administration_access_control_general_ssh_v1.png|border|class=tlt-border]]}}
+
|#default = [[File:Networking_rutos_manual_administration_access_control_general_ssh_v3.png|border|class=tlt-border]]}}
    
<table class="nd-mantable">
 
<table class="nd-mantable">
Line 295: Line 300:  
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
         <td>Enable key-based authentication</td>
+
         <td>Authentication type</td>
         <td>off {{!}} on; default: <b>off</b></td>
+
         <td>Password {{!}} <span style="color:blue">Key-based only</span> {{!}} <span style="color:blue">Use both</span>; default: <b>Password</b></td>
         <td>Use public keys for authentication.</td>
+
         <td>
 +
            <li><b>Password</b> - SSH access with password for root user</li>
 +
            <li><b>Key-based only</b> - enables key-based authentication only and disables password authentication for root user</li>
 +
            <li><b>Use Both</b> - use both password and public keys for authentication</li>
 +
        </td>
 +
    </tr>
 +
    <tr>
 +
        <td><span style="color:blue">Public keys</span></td>
 +
        <td>-(input field)</td>
 +
        <td>Public keys for ssh key-based authentication. Each individual key must be specified on a new line.</td>
 
     </tr>
 
     </tr>
 
</table>
 
</table>
 
<br>
 
<br>
<b>WebUI</b>
+
<b>HTTP</b>
 
----{{#switch:{{{series}}}
 
----{{#switch:{{{series}}}
|TAP100|TAP200 = [[File:Networking_rutos_manual_administration_access_control_general_webui_tap100_v1.png|border|class=tlt-border]]
+
|TAP100|TAP200 = [[File:Networking rutos manual administration access control general http tap v1.png|border|class=tlt-border]]
|#default = [[File:Networking_rutos_manual_administration_access_control_general_webui_v1.png|border|class=tlt-border]]}}
+
|#default = [[File:Networking rutos manual administration access control general http v1.png|border|class=tlt-border]]}}
    
<table class="nd-mantable">
 
<table class="nd-mantable">
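Review bot: The new "Use Both" description in the Authentication type row does not say whether a login needs both a password and a key or whether either one is accepted. The two readings give very different exposure for the root account, so the sentence should state which applies. In the same cell the three <li> items are added without an enclosing <ul>, and the label is spelled "Use both" in the value column but "Use Both" in the description. The "Public keys" row could also say that it only applies to the two key-based options, which is what the blue highlighting appears to indicate.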
Line 316: Line 330:  
         <td>off {{!}} on; default: <b>on</b></td>
 
         <td>off {{!}} on; default: <b>on</b></td>
 
         <td>Turns HTTP access from the local network (LAN) to the device WebUI on or off.</td>
 
         <td>Turns HTTP access from the local network (LAN) to the device WebUI on or off.</td>
 +
    </tr>{{#switch:{{{series}}}|TAP100|TAP200=|#default=
 +
    <tr>
 +
        <td>Enable remote HTTP access</td>
 +
        <td>off {{!}} on; default: <b>off</b></td>
 +
        <td>Turns HTTP access from remote networks (WAN) to the device WebUI on or off.</td>
 +
    </tr>}}
 +
    <tr>
 +
        <td>HTTP Port</td>
 +
        <td>integer [0..65535]; default: <b>80</b></td>
 +
        <td>Selects which port to use for HTTP access.</td>
 +
    </tr>{{#switch:{{{series}}}|TAP100|TAP200=|#default=
 +
    <tr>
 +
        <td>Ignore private IPs on public interface</td>
 +
        <td>off {{!}} on; default: <b>on</b></td>
 +
        <td>Prevent access from private (RFC1918) IPs on an interface if it has an public IP address.</td>
 +
    </tr>}}
 +
</table>
 +
 +
<br>
 +
<b>HTTPS/b>
 +
----{{#switch:{{{series}}}
 +
|TAP100|TAP200 = [[File:Networking rutos manual administration access control general https tap v1.png|border|class=tlt-border]]
 +
|#default = [[File:Networking rutos manual administration access control general https v1.png|border|class=tlt-border]]}}
 +
 +
<table class="nd-mantable">
 +
    <tr>
 +
        <th>Field</th>
 +
      <th>Value</th>
 +
      <th>Description</th>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
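Review bot: The new section heading is added as "<b>HTTPS/b>", so the closing tag is malformed and the bold will run on into the content below it; it should read "<b>HTTPS</b>". In the "Ignore private IPs on public interface" row, "an public IP address" should be "a public IP address". The HTTP Port range is given as [0..65535]; if port 0 is not actually accepted by the device, the documented range should start at 1.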
Line 326: Line 369:  
         <td>off {{!}} on; default: <b>off</b></td>
 
         <td>off {{!}} on; default: <b>off</b></td>
 
         <td>Redirects connection attempts from HTTP to HTTPS.</td>
 
         <td>Redirects connection attempts from HTTP to HTTPS.</td>
    </tr>{{#switch:{{{series}}}|TAP100|TAP200=|#default=
  −
    <tr>
  −
        <td>Enable remote HTTP access</td>
  −
        <td>off {{!}} on; default: <b>off</b></td>
  −
        <td>Turns HTTP access from remote networks (WAN) to the device WebUI on or off.</td>
  −
    </tr>}}
  −
    <tr>
  −
        <td>Port</td>
  −
        <td>integer [0..65535]; default: <b>80</b></td>
  −
        <td>Selects which port to use for HTTP access.</td>
   
     </tr>{{#switch:{{{series}}}|TAP100|TAP200=|#default=
 
     </tr>{{#switch:{{{series}}}|TAP100|TAP200=|#default=
 
     <tr>
 
     <tr>
Line 343: Line 376:  
     </tr>}}
 
     </tr>}}
 
     <tr>
 
     <tr>
         <td>Port</td>
+
         <td>HTTPS Port</td>
 
         <td>integer [0..65535]; default: <b>443</b></td>
 
         <td>integer [0..65535]; default: <b>443</b></td>
 
         <td>Selects which port to use for HTTPS access.</td>
 
         <td>Selects which port to use for HTTPS access.</td>
Line 367: Line 400:  
         <td>Server key file.</td>
 
         <td>Server key file.</td>
 
     </tr>}}
 
     </tr>}}
 +
    <tr>
 +
        <td>Certificate file</td>
 +
        <td>.crt; default: <b>uhttpd.crt</b></td>
 +
        <td>Download certificate file from device. Used for browsers to reach HTTPS connection.</td>
 +
    </tr>
 
</table>
 
</table>
 +
 
<br>
 
<br>
 
<b>CLI</b>
 
<b>CLI</b>
 
----{{#switch:{{{series}}}
 
----{{#switch:{{{series}}}
|TAP100|TAP200 = [[File:Networking_rutos_manual_administration_access_control_general_cli_tap100.png|border|class=tlt-border]]
+
|TAP100|TAP200 = [[File:Networking_rutos_manual_administration_access_control_general_cli_tap100_v2.png|border|class=tlt-border]]
|#default = [[File:Networking_rutos_manual_administration_access_control_general_cli.png|border|class=tlt-border]]}}
+
|#default = [[File:Networking_rutos_manual_administration_access_control_general_cli_v2.png|border|class=tlt-border]]}}
    
<table class="nd-mantable">
 
<table class="nd-mantable">
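Review bot: The added "Certificate file" row describes a download action, but its value column (".crt; default: uhttpd.crt") is formatted like an input field, and the description "Used for browsers to reach HTTPS connection" does not tell the reader what to do with the file. Suggest saying that this is the device's server certificate, that it is downloaded so it can be imported as trusted on the client, and that it contains no private key, to keep it distinct from the "Server key file" row just above.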
Line 404: Line 443:  
<b>Telnet</b>
 
<b>Telnet</b>
 
----
 
----
[[File:Networking_rutos_manual_administration_access_control_general_telnet.png|border|class=tlt-border]]
+
[[File:Networking_rutos_manual_administration_access_control_general_telnet v2.png|border|class=tlt-border]]
    
<table class="nd-mantable">
 
<table class="nd-mantable">
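Review bot: The new Telnet image name mixes separators ("..._general_telnet v2.png" has a space before "v2" while the rest of the name uses underscores). Other images changed in this revision use either all underscores or all spaces; pick one form so the file reference matches the uploaded file name as written and stays searchable.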
Line 433: Line 472:  
<b>Note:</b> PAM is additional software that can be installed from the <b>System → [[{{{name}}} Package Manager|Package Manager]]</b> page.
 
<b>Note:</b> PAM is additional software that can be installed from the <b>System → [[{{{name}}} Package Manager|Package Manager]]</b> page.
   −
[[File:Networking_rutos_manual_administration_access_control_pam_v2.png|border|class=tlt-border]]
+
[[File:Networking_rutos_manual_administration_access_control_pam_v3.png|border|class=tlt-border]]
    
====Modify PAM Auth====
 
====Modify PAM Auth====
 
----
 
----
[[File:Networking_rutos_manual_administration_access_control_pam_modify_pam_auth_v1.png|border|class=tlt-border]]
+
[[File:Networking_rutos_manual_administration_access_control_pam_modify_pam_auth_v2.png|border|class=tlt-border]]
    
<table class="nd-mantable">
 
<table class="nd-mantable">
Line 464: Line 503:  
         <td>off {{!}} on; default: <b>off</b></td>
 
         <td>off {{!}} on; default: <b>off</b></td>
 
         <td>Turn on PAM authentication for all users. It will allow login with users that are not created on the device.</td>
 
         <td>Turn on PAM authentication for all users. It will allow login with users that are not created on the device.</td>
 +
    </tr>
 +
    <tr>
 +
        <td><span style="color:red">Radius</span>: Require Message-Authenticator</td>
 +
        <td>off {{!}} on; default: <b>on</b></td>
 +
        <td>Require and validate Message-Authenticator RADIUS attribute on Access-Request replies.</td>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
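Review bot: The description of the new "Require Message-Authenticator" row says the attribute is validated "on Access-Request replies", which is ambiguous: the replies to an Access-Request are the server's response packets, and the text should name them as such. It also does not say what happens when a reply arrives without the attribute or with an invalid one (presumably the login is rejected), nor that the RADIUS server must be configured to send it, which matters because the option defaults to on. A short note on the consequence of turning it off would help, since the row is the only place the setting is explained.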
Line 493: Line 537:  
<b>IP Block Settings</b>  
 
<b>IP Block Settings</b>  
 
----
 
----
[[File:Networking_rutos_manual_administration_access_control_security_v4.png|border|class=tlt-border]]
+
[[File:Networking rutos manual administration access control security settings v1.png|border|class=tlt-border]]
 
<table class="nd-mantable">
 
<table class="nd-mantable">
 
     <tr>
 
     <tr>
Line 575: Line 619:  
{{#switch:{{{series}}}|TAP100|TAP200= ===Device Pairing===
 
{{#switch:{{{series}}}|TAP100|TAP200= ===Device Pairing===
 
----
 
----
[[File:Networking_rutos_manual_administration_access_control_pairing_v2.png|border|class=tlt-border]]
+
[[File:Networking_rutos_manual_administration_access_control_pairing_v3.png|border|class=tlt-border]]
 
<table class="nd-mantable">
 
<table class="nd-mantable">
 
     <tr>
 
     <tr>
Line 906: Line 950:  
===Root CA===
 
===Root CA===
 
----
 
----
The <b>Root CA</b> section is used to add a root CA certificate file to the device. There is a default file already preloaded on the device which will be overwritten by any uploaded file. The certificates must be in .pem format, maximum file size is 300 KB. These certificates are only needed if you want to use HTTPS for your services and the default file should be sufficient in most cases.
+
The <b>Root CA</b> section is used to add a root CA certificate file to the device. There is a default file already preloaded on the device which will be overwritten by any uploaded file. The certificates must be in .pem format, maximum file size is 10 KB. These certificates are only needed if you want to use HTTPS for your services and the default file should be sufficient in most cases.
   −
[[File:Networking_rutos_manual_administration_access_control_root_ca_v1.png|border|class=tlt-border]]}}
+
[[File:Networking_rutos_manual_administration_access_control_root_ca_v2.png|border|class=tlt-border]]}}
    
==Profiles==
 
==Profiles==
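Review bot: The Root CA paragraph lowers the maximum file size from 300 KB to 10 KB without any other change to the text. Please confirm the 10 KB figure against the firmware, since the same sentence speaks of "certificates" in the plural and a .pem bundle holding several of them can exceed that size. It would also help to state what the device does with an oversized upload, given that an uploaded file overwrites the preloaded default.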