(SOLVED)accessing the gui locally as localhost via ssh

2disbetter
DD-WRT User


Joined: 26 Jan 2010
Posts: 55
Location: Florida

Posted: Tue Feb 02, 2010 12:12    Post subject: (SOLVED)accessing the gui locally as localhost via ssh
So I've read the wiki, and searched for a couple hours for threads detailing an answer to no luck.

This is what the wiki says:

Quote:
Open up your SSH client and set up a Local port forward to destination localhost:80. Once the SSH connection is up, now you connect to your own machine's source port eg. http://localhost:81 and it creates a secure tunnel to the Web Interface of the router. No more worries about someone spying on your router's traffic and/or password!

Requirements
Remote SSH Management should be enabled, under Administration -> Management. (Note: For local forwards, this is only required if you're SSH'ing directly into the router from the WAN. Local forwards can be of many other uses as well, such as tunneling traffic between two LAN machines, or even over the Internet.)
Setup
Setting up a local port forward is relatively straightforward when using the PuTTY utility under Windows. See Connections -> SSH -> Tunnels. Make sure your configuration includes parameters as illustrated above. Namely,

Source port (port # on your computer)
Destination IPAddress:Port (target machine and port #)
Type: Local


I have the tunnel setup in putty and on another openssh client.

However, how do I actually get to the gui? Through the web browser via http://localhost:81? Every time I try this I get an unavailable error from the browser. I know I'm doing something wrong as it should work.

The wiki is kind of vague on this though.

For reference, I have the ssh port set to 22010 on the router. I have SSH TCP forwarding on. I can connect to the router via ssh. I can wake local machines, so I know the connection is solid, just need to go maybe 2 more steps and I'll have the entire thing finally setup.

After I can get this working, I'll be disabling remote gui altogether.

Thanks for any and all help! DD-WRT friggin rules.

2d

Edit: Had the tunnel setup wrong. I'm going to edit the wiki with a bit more detailed explanation on this.

_________________
Asus RT-N16 - Kong 22000++
Traulinger
DD-WRT Novice


Joined: 24 Apr 2008
Posts: 38

Posted: Tue Feb 02, 2010 14:21    Post subject: Awesome
Glad to hear you were able to figure it out. I eagerly await your update to the wiki. I have been working on this exact issue for a couple weeks now with no positive results.

I am able to SSH into the router and I am even able to remote desktop into a local machine down the tunnel, so I know that part is working correctly.

This issue has been discussed numerous times here on the forum (as indicated by a forum search), and I had read every possible discussion and Wiki entry, yet I was unable to get it working successfully.

If you don't mind, would you consider posting your write-up here in addition to the Wiki? I know many people would benefit from your information and they may not necessarily assume the Wiki has been updated.

Regards!
2disbetter
DD-WRT User


Joined: 26 Jan 2010
Posts: 55
Location: Florida

Posted: Tue Feb 02, 2010 20:01
Sure man I'll give it a crack:

So since you're able to connect to your router via ssh and see the dd-wrt shell, you should be ready to go. I've found that the problem is on the client side, as the router is most likely already configured, but just to recap:

Under services, in addition to sshd being enabled, you need to have ssh tcp forwarding also enabled. Below this is a port number. This number should match the same one under the administration-->management page which we'll get to in a minute. Also here you'll need to decide if you want to be able to log in via password (the router password) or if you want to use a public key. If you want to use a public key you'll need to get it from the client, and copy it into the space below. The wiki details how the key has to be set up, including spacing and formatting. I am using just password. Once that is all set, save and apply the settings.

Then go to Administration-->management tab. Under here make sure web gui is disabled under remote access. Then ensure ssh management is enabled, also make sure the port matches the one you set on the services page. (Tip: use a port number higher than > 1024, and don't use the default as indicated in the wiki) I also disabled telnet as ssh is superior and more secure.

Click save, and apply.

You're ready for the client setup.

In putty, you need to enter the url and port number you configured in the router pages. (in this example I'll just pretend we set the port to 33555, we'll also use a made up dns url: example.dyndns.org)

So for putty you will enter the example.dyndns.org into the host name spot and 33555 into the port area. Then under connection-->ssh-->tunnels you'd add a new forwarded port. The source is going to be 33555, and the destination is 127.0.0.1:80 (or localhost:80). You will want to check all of the options you need, such as local, auto, and remote for the conditions. If you have local and auto checked you should be good, if not check remote and it should work as well.

Save all of that so you don't have to do it again, and then click open. You'll be prompted for a user name which is root (even if you've changed the router's user name as per the wiki), and then the router password (which you set in the GUI). Once you see the dd-wrt shell you're ready to fire up your web browser.

Once the browser is up type: http://localhost:33555 into the address bar. From here you'll be prompted for your user name and password, after putting them in, tada, you're in!

Let me know if you need anything else clarified.

2d

_________________
Asus RT-N16 - Kong 22000++
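
The PuTTY tunnel from the write-up above, expressed as an OpenSSH client command; this is an added example, not part of any post in the thread. It reuses the write-up's made-up host and SSH port; the local port 8081, the `RUN_TUNNEL` switch and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Defaults are the write-up's made-up
# values (example.dyndns.org, SSH port 33555); LOCAL_PORT 8081 is an assumption.
ROUTER_HOST="${ROUTER_HOST:-example.dyndns.org}"
ROUTER_SSH_PORT="${ROUTER_SSH_PORT:-33555}"
LOCAL_PORT="${LOCAL_PORT:-8081}"

# valid_port PORT: succeeds if PORT is an integer in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_host HOST: rejects empty names, option-like names and odd characters,
# so the value cannot be read by ssh as an extra option.
valid_host() {
    case "$1" in ''|-*|*[!A-Za-z0-9.:-]*) return 1 ;; esac
}

# needs_root PORT: succeeds if binding PORT needs root on Linux (below 1024).
needs_root() { [ "$1" -lt 1024 ]; }

# tunnel_cmd LOCAL_PORT HOST SSH_PORT: prints the ssh command line.
tunnel_cmd() {
    valid_port "$1" && valid_host "$2" && valid_port "$3" || return 1
    # -L 127.0.0.1:LOCAL:127.0.0.1:80  listen on the client's loopback only;
    #    the second address is resolved on the router, so it is the router's GUI.
    # -N  forwarding only, no remote shell.
    # ExitOnForwardFailure=yes  abort if the local port is already in use
    #    instead of logging in with a tunnel that silently does not exist.
    printf 'ssh -N -p %s -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:127.0.0.1:80 root@%s\n' \
        "$3" "$1" "$2"
}

if [ "${RUN_TUNNEL:-0}" = 1 ]; then
    if needs_root "$LOCAL_PORT"; then
        echo "local port $LOCAL_PORT is below 1024 and needs root to bind" >&2
    fi
    cmd=$(tunnel_cmd "$LOCAL_PORT" "$ROUTER_HOST" "$ROUTER_SSH_PORT") || exit 1
    exec $cmd                      # then browse to http://127.0.0.1:$LOCAL_PORT
else
    tunnel_cmd "$LOCAL_PORT" "$ROUTER_HOST" "$ROUTER_SSH_PORT"   # print only
fi
```

Without `RUN_TUNNEL=1` the script only prints the command, so the forward specification can be checked before anything connects.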
Traulinger
DD-WRT Novice


Joined: 24 Apr 2008
Posts: 38

Posted: Wed Feb 03, 2010 3:34    Post subject: Thanks
Thanks for the write up. I ended up getting it working tonight, though, I feel like what I ended up having to do is exactly what I had tried to do many times before.

For me, I set up a tunnel in putty that was:
- Source port: 80
- Destination: localhost:80
- local
- auto

Once I established the SSH tunnel to the router, I opened up a browser and went to http://localhost:80. It pulled up the DD-WRT web gui through the tunnel.

Anyway, thanks again for your assistance.
2disbetter
DD-WRT User


Joined: 26 Jan 2010
Posts: 55
Location: Florida

Posted: Wed Feb 03, 2010 8:05
Yep that will work locally, and maybe even remotely. I know on linux boxes you need to have root to be able to share port 80 via tunneling. I preferred to use a different port though as port 80 is a pretty obvious one for an attack. Of course if you're only doing this locally it doesn't really matter as your NAT should have you covered.

2d

_________________
Asus RT-N16 - Kong 22000++
Traulinger
DD-WRT Novice


Joined: 24 Apr 2008
Posts: 38

Posted: Wed Feb 03, 2010 22:39
If by "locally" you mean local\auto on the tunnel type, then yes, it worked. Obviously, if I'm on the home network I don't have a need for SSH tunneling into the router in order to access the gui.

I'm not sure what happens if you choose remote. My understanding is, and maybe I'm wrong, but you choose local because the tunnel in essence makes you local (kind of like a VPN). Again, I'm the wrong person to ask about that. Maybe someone who knows more than me can offer their insight.

Lastly, using port 80 shouldn't be an issue because the traffic is down the tunnel, so it's not as if I am accessing the gui remotely wide open outside of the tunnel on port 80. I am thinking correctly, right?
2disbetter
DD-WRT User


Joined: 26 Jan 2010
Posts: 55
Location: Florida

Posted: Thu Feb 04, 2010 7:33
Traulinger wrote:
If by "locally" you mean local\auto on the tunnel type, then yes, it worked. Obviously, if I'm on the home network I don't have a need for SSH tunneling into the router in order to access the gui.

I'm not sure what happens if you choose remote. My understanding is, and maybe I'm wrong, but you choose local because the tunnel in essence makes you local (kind of like a VPN). Again, I'm the wrong person to ask about that. Maybe someone who knows more than me can offer their insight.

Lastly, using port 80 shouldn't be an issue because the traffic is down the tunnel, so it's not as if I am accessing the gui remotely wide open outside of the tunnel on port 80. I am thinking correctly, right?


Yes I just misunderstood your location. By local I mean you are on the LAN itself trying to access the router. Remote would be if you are on an internet connection across the street trying to connect.

Also you're right about the port, you're within the local network and outside traffic can't see you anyway. (or shouldn't be able to at least)

2d

_________________
Asus RT-N16 - Kong 22000++
m00nman
DD-WRT User


Joined: 14 Jan 2009
Posts: 406
Location: AB, Canada

Posted: Fri Feb 05, 2010 10:00
There's a different way too that will let you use ssh tunnel as a proxy and will let you access the webgui too.

In windows, using putty as you did before, set up a tunnel with an unused port (9999 for example). Save.

In linux: "ssh root@<your router's ip> -D9999"

Open up the browser and set up a proxy: SOCKS, localhost:9999

Now as long as you have the http tunnel you can browse the web or access the router's gui with 192.168.1.1

_________________

Netgear R6300 v2 - Latest Kong dd-wrt always
Linksys E3000 - Latest dd-wrt always
Asus RT-N56U - OpenWRT trunk
palswim
DD-WRT Novice


Joined: 18 Nov 2008
Posts: 15

Posted: Mon Mar 01, 2010 23:09
There's a section in the wiki saying:
Quote:
Suppose you have enabled remote SSH management on your router so that you can access it from anywhere on the internet. You wisely left remote HTTP and HTTPS management disabled (HTTP because it's insecure over the internet, HTTPS because it's resource intensive) but now you can't connect directly to the Web Interface of your router... or so you thought ;)
This is where SSH port forwarding comes in.


How resource-intensive is HTTPS relative to HTTP with SSL port forwarding? Call me naïve, but it seems like exactly the same thing (or at least the same method that uses the majority of the resources).
blaughtmon
DD-WRT User


Joined: 29 Mar 2010
Posts: 115

Posted: Wed Sep 22, 2010 22:24
2disbetter

You da man! Thanks.
mad_catmk2
DD-WRT Novice


Joined: 07 Mar 2011
Posts: 1

Posted: Tue Mar 08, 2011 4:15
@2disbetter or others

I followed this guide and got ssh terminal + gui to work...a few times.

Now when I try to do it again, the ssh tunnel with putty works, but am unable to open the gui using localhost:port in a browser.

Any ideas?

Running Linksys E2000 build 14929 usb-std-ftp (recommended wiki build)
alongcor
DD-WRT Novice


Joined: 24 Mar 2011
Posts: 2

Posted: Thu Mar 24, 2011 5:11    Post subject: DNS URL?
2disbetter wrote:

In putty, you need to enter the url and port number you configured in the router pages. (in this example I'll just pretend we set the port to 33555, we'll also use a made up dns url: example.dyndns.org)


Sorry I'm pretty new to all of this, but when you say we need to enter the URL in Putty...exactly what URL are you speaking of? I checked the wiki page that this post was linked from and also in your instructions but don't see anything mentioning a DNS URL. Thanks!
skineedog
DD-WRT Novice


Joined: 01 May 2011
Posts: 11

Posted: Sun May 08, 2011 14:04
DNS URL would only be applicable if you set up a service like DYNDNS under the Setup --> DDNS tab. Otherwise it would be your router's public IP address.

Not intending to seem rude but why would someone that obviously has very little knowledge of networking be interested in setting up SSH tunneling in the first place?
alongcor
DD-WRT Novice


Joined: 24 Mar 2011
Posts: 2

Posted: Tue May 10, 2011 5:20
You don't seem rude at all.

I was actually just trying to do a little project while I was bored one day to try to set up wake-on LAN on my desktop PC that is hard-wired to my router. I ended up setting up a free dynDNS account and configuring it through the web GUI and it works...sometimes. It's definitely not consistent, but I had my networking fun for a while!
Function
DD-WRT Novice


Joined: 22 May 2007
Posts: 24

Posted: Sun Nov 20, 2011 18:16
I couldn't get my Web Interface to work until I forwarded a port that wasn't in use.

Under tunnel settings:
Source port: <random port that's not in use e.g. 5050>
Destination: localhost:80

Also I'd like to point out that it's possible to save the router login and password in a settings file so it's automatically entered when you fire up PuTTY (google it) and that saving the connection settings to a profile called "Default Settings" i.e. overriding the one that exists, will keep the settings there every time a new PuTTY window is created.

Thanks for the tip OP