My network setup sometimes requires me to use SSH to tunnel into my home network to work on my machines remotely. Before my project, my desktop was running an SSH server (WinSSHD) which had its ports forwarded on my DLink DIR-615 router. This was far from ideal because if my desktop was down/disconnected I wouldn't be able to access any of the network via SSH. The ideal solution would be to run an SSH server on my router.
The Ideal Solution
After doing some quick research, I learned I could install new firmware on my router from an open source project called "DD-WRT". DD-WRT has at least all the features I took advantage of on my router (port forwarding, upnp, web interface). It also had the feature I wanted, an ssh server daemon. It is an open source project based on Linux. You can check to see if your router hardware is supported
here.
Note: Flashing your router with new firmware can result in it no longer working! I won't be held responsible by anything you do to your router and you should be confident before attempting anything recommended here!
The nice thing about the DIR-615 is that it provides a web interface for updating your firmware. This is also a means to easily install DD-WRT. Just download the firmware file and upload it via the web interface.
These are the instructions I used. Remember to check your hardware revision (letter) because it might be different and cause problems. The main DD-WRT router hardware page should tell you what is compatible. I was actually surprised at how easy everything was to setup. The only gotcha with the firmware upgrade was using IE instead of Chrome for the upload. Also, I put my router into a reduced state by holding the reset button until the Internet light flashed on the front. This will reset everything(including admin password) and make sure the router isn't too busy to complete the update. Always wire in when doing the upgrade since it will reset the wireless settings! Don't forget to download everything you need including instructions before starting since you might not have Internet access afterwards! Download your router's original firmware and know how to restore before starting as well. If you need Internet, reroute your cable modem to your computer instead of through your router. Don't attempt on borrowed or rented hardware!
After the firmware update, your router will now be accessible from http://192.168.1.1 since its IP is changed. Set your wired settings to use the 192.168.1.* subnet in order to see it. That url should bring up the following:
This is the router's info screen. At some point the router will ask you to make an admin username and password.
To get SSH working, I reviewed the following Wiki pages:
http://www.dd-wrt.com/wiki/index.php/SSH_access_from_internet
http://www.dd-wrt.com/wiki/index.php/Easy_SSH_tunnels
http://www.dd-wrt.com/wiki/index.php/Telnet/SSH_and_the_Command_Line
If you are lazy [Note: you are responsible for your own security]:
- Navigate to Services -> Services
- Scroll down to Secure Shell
- Turn on SSHd
- Turn on SSH TCP Forwarding
- Enable password login or provide public keys for login (if you don't know, just go with password)
- Give it a port
- Navigate to Administration -> Management
- Scroll down to Remote Access
- Turn on SSH Management
- Give SSH a port to run on
- For my ports I use 443 since 443 is usually open in firewalls and represents encrypted https traffic
- Setup a Dynamic DNS service on the router or a pc (Setup -> DDNS)
Some gotchas:
- You can't enable https for the web GUI since it will use port 443. Give your SSHd a different port to run on and then you can use https
- You can only have one user if using password login and that user is "root" with admin password
- I use Putty Tray as my ssh client because it is powerful and minimizes to the system tray.
Other Things to Do With Your Router
Enable Remote Access -> Web GUI Management
This is useful for performing maintenance remotely or rebooting your router. Especially nice if you won't have anyone to help your troubleshoot your router while you are away or if those people aren't tech savvy.
Setup static IPs for your computers
Leave your computers as DHCP and setup the DHCP server on the router to associate a specific MAC address with a specific IP address. Use these IPs in your port and firewall rules.
Setup a PPTP VPN
This should let you use Window's to connect your your home VPN without any computers running the VPN server.
Add a second way to connect to your wireless
This tutorial might get you started.
Some other things you can do with this:
- Create a temporary wireless point for guests with a different password.
- Create an access point using a less secure encryption but set access restrictions.
- Create a public wireless network but with lower signal so only in-house guests can access the wireless
- Create a public wireless network but make it ad supported using the other DD-WRT services such as Chilispot, WifiDog, or AnchorFree under Services->Hotspot or Services->My Ad Network
- User DD-WRT to provide a wirelss hotspot for customers but a private network for your business
With any of these methods, you should use a separate subnet and other security controls to prevent breeches.
Bridge two different LANs with wireless or Add a wireless repeater
This is good if you have a computer in a different part of the house without wireless and you have a spare router r have a big house.
http://www.dd-wrt.com/wiki/index.php/Linking_Routers
Run a VoIP PBX via Asterisk on your router
Watch out, this is tricky!
http://www.dd-wrt.com/wiki/index.php/Asterisk
Add network storage via SMB or FTP
Only if you have a USB port in your router
http://www.dd-wrt.com/wiki/index.php/USB_storage
Block websites, time restrict access to certain websites
Stop yourself from playing too much farmville
Left as an exercise for the reader.
Many, many more ideas
http://www.dd-wrt.com/wiki/index.php/Tutorials
Remember, some things your router might need more memory or specific hardware that you don't have. I know my router doesn't support jffs so that prevents me from doing some things.
Let me know what project you decide to undertake.
![perspective[1]](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhp619I0z84Qe9cKo8D5Ad_b9Nnk8JzWcCBlo5hBOqOqu_IYPz81rccwZvOnsm-gQ4LhIzX3-sdGs2XeVFmknOPznfoQ_0esIADSPwZ061L5Or8bxdr2qsvIxtb0FuVcJkPiXvsmg52muY/s1600-h/perspective%5B1%5D%5B2%5D.png "perspective[1]")
