Connect to webUI only via SSH?

ForeverNoob · July 25, 2021, 5:41pm

Hi,

I would like to disable connecting to the webUI (be it (re)Foris or LuCi) via HTTP(S) and only be able to do it via an SSH tunnel.

I’ve managed to successfully connect via the SSH tunnel using this guide.
The guide furthermore talks about disabling uhttpd, but:

Instead of uhttpd, TOS seems to have lighttpd
I don’t want to disable the HTTP server, I only want it to listen on my Omnia’s localhost.

I checked around in /etc/lighttpd/ but it seems like many of its configs are automatically generated? If so, what is the best method of achieving this?

Thanks in advance.

lucenera · July 25, 2021, 6:17pm

Some time ago I wrote this by adapting the OpenWrt guide, it could be for you:
Accessing Web Interface Securely [Turris wiki]

vcunat · July 25, 2021, 7:09pm

or you might use firewall to block it only from outside (and keep direct access from LAN). But anyway, you could use a strong generated password in a password manager.

ForeverNoob · July 25, 2021, 11:14pm

Thanks, this seemed to have worked. Though, will the applied settings be returned to default once I update?

ForeverNoob · July 25, 2021, 11:16pm

That is certainly a possibility, but I feel exposing sshd to be a bit less risky than a web server in this case.

lucenera · July 26, 2021, 10:22am

The configuration remains the same even after any updates, unless the update changes the web server or other low-level parts inherent to the web interface, but I don’t think this is the case.

system · July 29, 2021, 10:23am

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.