Changes

Line 266: Line 266:  
----
 
----
 
The <b>Access Control</b> page is used to manage {{#switch:{{{series}}}|TAP100|TAP200=|#default= remote and}} local access to device.
 
The <b>Access Control</b> page is used to manage {{#switch:{{{series}}}|TAP100|TAP200=|#default= remote and}} local access to device.
 +
 +
{{#switch:{{{series}}}
 +
|TAP100|TAP200 = [[File:Networking rutos manual administration access control general tap v1.png|border|class=tlt-border]]
 +
|#default = [[File:Networking rutos manual administration access control general v1.png|border|class=tlt-border]]}}
    
{{#switch:{{{series}}}|TAP100|TAP200=|#default=<b>Important</b>: turning on remote access leaves your device vulnerable to external attackers. Make sure you use a strong password.
 
{{#switch:{{{series}}}|TAP100|TAP200=|#default=<b>Important</b>: turning on remote access leaves your device vulnerable to external attackers. Make sure you use a strong password.
Line 271: Line 275:  
<b>SSH</b>
 
<b>SSH</b>
 
----{{#switch:{{{series}}}
 
----{{#switch:{{{series}}}
|TAP100|TAP200 = [[File:Networking_rutos_manual_administration_access_control_general_ssh_tap100_v2.png|border|class=tlt-border]]
+
|TAP100|TAP200 = [[File:Networking_rutos_manual_administration_access_control_general_ssh_tap100_v3.png|border|class=tlt-border]]
|#default = [[File:Networking_rutos_manual_administration_access_control_general_ssh_v2.png|border|class=tlt-border]]}}
+
|#default = [[File:Networking_rutos_manual_administration_access_control_general_ssh_v3.png|border|class=tlt-border]]}}
    
<table class="nd-mantable">
 
<table class="nd-mantable">
Line 297: Line 301:  
     <tr>
 
     <tr>
 
         <td>Authentication type</td>
 
         <td>Authentication type</td>
         <td>Password {{!}} Key-based only {{!}} Use both; default: <b>Password</b></td>
+
         <td>Password {{!}} <span style="color:blue">Key-based only</span> {{!}} <span style="color:blue">Use both</span>; default: <b>Password</b></td>
 
         <td>
 
         <td>
 
             <li><b>Password</b> - SSH access with password for root user</li>
 
             <li><b>Password</b> - SSH access with password for root user</li>
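Review bot: The blue spans added around "Key-based only" and "Use both" in the Value cell carry their meaning through colour alone, and nothing in the visible lines says what blue stands for. Add a short legend or a sentence in the Description cell explaining it (for example, that these options need further configuration). Also align the capitalisation: the Value cell says "Use both" while the list item below says "Use Both".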
Line 303: Line 307:  
             <li><b>Use Both</b> - use both password and public keys for authentication</li>
 
             <li><b>Use Both</b> - use both password and public keys for authentication</li>
 
         </td>
 
         </td>
 +
    </tr>
 +
    <tr>
 +
        <td><span style="color:blue">Public keys</span></td>
 +
        <td>-(input field)</td>
 +
        <td>Public keys for ssh key-based authentication. Each individual key must be specified on a new line.</td>
 
     </tr>
 
     </tr>
 
</table>
 
</table>
 
<br>
 
<br>
<b>WebUI</b>
+
<b>HTTP</b>
 
----{{#switch:{{{series}}}
 
----{{#switch:{{{series}}}
|TAP100|TAP200 = [[File:Networking rutos manual administration access control general webui tap100 v2.png|border|class=tlt-border]]
+
|TAP100|TAP200 = [[File:Networking rutos manual administration access control general http tap v1.png|border|class=tlt-border]]
|#default = [[File:Networking_rutos_manual_administration_access_control_general_webui_v2.png|border|class=tlt-border]]}}
+
|#default = [[File:Networking rutos manual administration access control general http v1.png|border|class=tlt-border]]}}
    
<table class="nd-mantable">
 
<table class="nd-mantable">
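Review bot: The new "Public keys" row does not say which Authentication type settings it applies to, and its Value cell "-(input field)" gives no default and no accepted key format. State that the field is used when "Key-based only" or "Use both" is selected (if that is what the blue marking means), say which public key format is expected on each line, and write "SSH" in capitals in the description to match the section heading. Since this hunk also renames the heading from WebUI to HTTP, check that other pages linking to the old "WebUI" heading still resolve.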
Line 321: Line 330:  
         <td>off {{!}} on; default: <b>on</b></td>
 
         <td>off {{!}} on; default: <b>on</b></td>
 
         <td>Turns HTTP access from the local network (LAN) to the device WebUI on or off.</td>
 
         <td>Turns HTTP access from the local network (LAN) to the device WebUI on or off.</td>
 +
    </tr>{{#switch:{{{series}}}|TAP100|TAP200=|#default=
 +
    <tr>
 +
        <td>Enable remote HTTP access</td>
 +
        <td>off {{!}} on; default: <b>off</b></td>
 +
        <td>Turns HTTP access from remote networks (WAN) to the device WebUI on or off.</td>
 +
    </tr>}}
 +
    <tr>
 +
        <td>HTTP Port</td>
 +
        <td>integer [0..65535]; default: <b>80</b></td>
 +
        <td>Selects which port to use for HTTP access.</td>
 +
    </tr>{{#switch:{{{series}}}|TAP100|TAP200=|#default=
 +
    <tr>
 +
        <td>Ignore private IPs on public interface</td>
 +
        <td>off {{!}} on; default: <b>on</b></td>
 +
        <td>Prevent access from private (RFC1918) IPs on an interface if it has an public IP address.</td>
 +
    </tr>}}
 +
</table>
 +
 +
<br>
 +
<b>HTTPS/b>
 +
----{{#switch:{{{series}}}
 +
|TAP100|TAP200 = [[File:Networking rutos manual administration access control general https tap v1.png|border|class=tlt-border]]
 +
|#default = [[File:Networking rutos manual administration access control general https v1.png|border|class=tlt-border]]}}
 +
 +
<table class="nd-mantable">
 +
    <tr>
 +
        <th>Field</th>
 +
      <th>Value</th>
 +
      <th>Description</th>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
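Review bot: The added heading line "<b>HTTPS/b>" has a malformed closing tag (the "<" before "/b>" is missing), so the bold element never closes and the literal text "HTTPS/b>" will render; it should read "<b>HTTPS</b>". In the "Ignore private IPs on public interface" row, "an public IP address" should be "a public IP address". The "HTTP Port" range is given as [0..65535]; confirm that 0 is really accepted, and if not, document the true lower bound. The new "<th>Value</th>" and "<th>Description</th>" lines are also indented differently from "<th>Field</th>".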
Line 331: Line 369:  
         <td>off {{!}} on; default: <b>off</b></td>
 
         <td>off {{!}} on; default: <b>off</b></td>
 
         <td>Redirects connection attempts from HTTP to HTTPS.</td>
 
         <td>Redirects connection attempts from HTTP to HTTPS.</td>
    </tr>{{#switch:{{{series}}}|TAP100|TAP200=|#default=
  −
    <tr>
  −
        <td>Enable remote HTTP access</td>
  −
        <td>off {{!}} on; default: <b>off</b></td>
  −
        <td>Turns HTTP access from remote networks (WAN) to the device WebUI on or off.</td>
  −
    </tr>}}
  −
    <tr>
  −
        <td>Port</td>
  −
        <td>integer [0..65535]; default: <b>80</b></td>
  −
        <td>Selects which port to use for HTTP access.</td>
   
     </tr>{{#switch:{{{series}}}|TAP100|TAP200=|#default=
 
     </tr>{{#switch:{{{series}}}|TAP100|TAP200=|#default=
 
     <tr>
 
     <tr>
Line 348: Line 376:  
     </tr>}}
 
     </tr>}}
 
     <tr>
 
     <tr>
         <td>Port</td>
+
         <td>HTTPS Port</td>
 
         <td>integer [0..65535]; default: <b>443</b></td>
 
         <td>integer [0..65535]; default: <b>443</b></td>
 
         <td>Selects which port to use for HTTPS access.</td>
 
         <td>Selects which port to use for HTTPS access.</td>
Line 372: Line 400:  
         <td>Server key file.</td>
 
         <td>Server key file.</td>
 
     </tr>}}
 
     </tr>}}
 +
    <tr>
 +
        <td>Certificate file</td>
 +
        <td>.crt; default: <b>uhttpd.crt</b></td>
 +
        <td>Download certificate file from device. Used for browsers to reach HTTPS connection.</td>
 +
    </tr>
 
</table>
 
</table>
 +
 
<br>
 
<br>
 
<b>CLI</b>
 
<b>CLI</b>
 
----{{#switch:{{{series}}}
 
----{{#switch:{{{series}}}
|TAP100|TAP200 = [[File:Networking_rutos_manual_administration_access_control_general_cli_tap100.png|border|class=tlt-border]]
+
|TAP100|TAP200 = [[File:Networking_rutos_manual_administration_access_control_general_cli_tap100_v2.png|border|class=tlt-border]]
|#default = [[File:Networking_rutos_manual_administration_access_control_general_cli.png|border|class=tlt-border]]}}
+
|#default = [[File:Networking_rutos_manual_administration_access_control_general_cli_v2.png|border|class=tlt-border]]}}
    
<table class="nd-mantable">
 
<table class="nd-mantable">
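Review bot: The description of the new "Certificate file" row, "Used for browsers to reach HTTPS connection", does not tell the reader what to do with the downloaded file. Say explicitly that this is the device's server certificate (uhttpd.crt) and that it is meant to be imported into the browser or client trust store so the device's HTTPS certificate is accepted, if that is the intent. The row is also added after the "</tr>}}" that closes the series switch around the "Server key file" row, so it will be shown for every series; confirm that is intended.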
Line 409: Line 443:  
<b>Telnet</b>
 
<b>Telnet</b>
 
----
 
----
[[File:Networking_rutos_manual_administration_access_control_general_telnet.png|border|class=tlt-border]]
+
[[File:Networking_rutos_manual_administration_access_control_general_telnet v2.png|border|class=tlt-border]]
    
<table class="nd-mantable">
 
<table class="nd-mantable">
Line 438: Line 472:  
<b>Note:</b> PAM is additional software that can be installed from the <b>System → [[{{{name}}} Package Manager|Package Manager]]</b> page.
 
<b>Note:</b> PAM is additional software that can be installed from the <b>System → [[{{{name}}} Package Manager|Package Manager]]</b> page.
   −
[[File:Networking_rutos_manual_administration_access_control_pam_v2.png|border|class=tlt-border]]
+
[[File:Networking_rutos_manual_administration_access_control_pam_v3.png|border|class=tlt-border]]
    
====Modify PAM Auth====
 
====Modify PAM Auth====
 
----
 
----
[[File:Networking_rutos_manual_administration_access_control_pam_modify_pam_auth_v1.png|border|class=tlt-border]]
+
[[File:Networking_rutos_manual_administration_access_control_pam_modify_pam_auth_v2.png|border|class=tlt-border]]
    
<table class="nd-mantable">
 
<table class="nd-mantable">
Line 469: Line 503:  
         <td>off {{!}} on; default: <b>off</b></td>
 
         <td>off {{!}} on; default: <b>off</b></td>
 
         <td>Turn on PAM authentication for all users. It will allow login with users that are not created on the device.</td>
 
         <td>Turn on PAM authentication for all users. It will allow login with users that are not created on the device.</td>
 +
    </tr>
 +
    <tr>
 +
        <td><span style="color:red">Radius</span>: Require Message-Authenticator</td>
 +
        <td>off {{!}} on; default: <b>on</b></td>
 +
        <td>Require and validate Message-Authenticator RADIUS attribute on Access-Request replies.</td>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
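Review bot: In the new "Require Message-Authenticator" row, the phrase "on Access-Request replies" is ambiguous, because Access-Request is the packet the device sends and the attribute is being validated on what the RADIUS server sends back. Reword to something like "Require and validate the Message-Authenticator attribute in RADIUS server replies to Access-Request packets", and add one sentence on what happens when the option is on and the server omits the attribute (login is rejected?), since the default is on and this affects existing RADIUS setups. The red "Radius" span also relies on colour with no legend in the visible lines.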
Line 498: Line 537:  
<b>IP Block Settings</b>  
 
<b>IP Block Settings</b>  
 
----
 
----
[[File:Networking_rutos_manual_administration_access_control_security_v4.png|border|class=tlt-border]]
+
[[File:Networking rutos manual administration access control security settings v1.png|border|class=tlt-border]]
 
<table class="nd-mantable">
 
<table class="nd-mantable">
 
     <tr>
 
     <tr>
Line 580: Line 619:  
{{#switch:{{{series}}}|TAP100|TAP200= ===Device Pairing===
 
{{#switch:{{{series}}}|TAP100|TAP200= ===Device Pairing===
 
----
 
----
[[File:Networking_rutos_manual_administration_access_control_pairing_v2.png|border|class=tlt-border]]
+
[[File:Networking_rutos_manual_administration_access_control_pairing_v3.png|border|class=tlt-border]]
 
<table class="nd-mantable">
 
<table class="nd-mantable">
 
     <tr>
 
     <tr>
Line 911: Line 950:  
===Root CA===
 
===Root CA===
 
----
 
----
The <b>Root CA</b> section is used to add a root CA certificate file to the device. There is a default file already preloaded on the device which will be overwritten by any uploaded file. The certificates must be in .pem format, maximum file size is 300 KB. These certificates are only needed if you want to use HTTPS for your services and the default file should be sufficient in most cases.
+
The <b>Root CA</b> section is used to add a root CA certificate file to the device. There is a default file already preloaded on the device which will be overwritten by any uploaded file. The certificates must be in .pem format, maximum file size is 10 KB. These certificates are only needed if you want to use HTTPS for your services and the default file should be sufficient in most cases.
   −
[[File:Networking_rutos_manual_administration_access_control_root_ca_v1.png|border|class=tlt-border]]}}
+
[[File:Networking_rutos_manual_administration_access_control_root_ca_v2.png|border|class=tlt-border]]}}
    
==Profiles==
 
==Profiles==
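Review bot: The Root CA paragraph lowers the maximum file size from 300 KB to 10 KB but still speaks of "certificates" in the plural, and 10 KB leaves room for only a few PEM certificates rather than a CA bundle. Confirm the 10 KB figure against the firmware, and state whether the uploaded .pem may contain more than one certificate. Because the text says the upload overwrites the preloaded default file, it would also help to say how the default can be restored.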