Connecting to your router
To be able to configure and control your router, you need to log on to it. There are several ways of doing this and they are described on this page.
How to use your router's monitor and keyboard probably doesn't need an explanation. Although impractical (unless you own a KVM-switch) it's sometimes the only way to access your router if something goes horribly wrong. It's a good idea to keep this an option by always having a spare keyboard and a monitor ready.
SSH is a network protocol that allows you to send commands over an encrypted connection to your router. SSH can do more than that, but here the focus will be on its ability to command your router since this will probably be your primary way of controlling it. Remember that SSH, for security reasons, does not allow you to log on as root. It's important that you have set up a user account for yourself belonging to the wheel group as explained earlier. After logging on as yourself, you issue the command su (switch user) and enter the root password; this is the way you become root through SSH.
SSH in Windows
Windows has no built-in ability to use SSH so you need some extra software for it. PuTTY is free and open-source software that's been around for many years. It's written and maintained by Simon Tatham and distributed under the MIT license. The latest version for Windows can be downloaded here. It doesn't require any installation - you simply double click it when you want to start it. Now, let's have a look at how you use it.
When you start PuTTY for the first time you will see the configuration screen.
Enter your router's LAN IP address in Host Name (or IP address). It should be 192.168.0.1 if you followed the instructions earlier. If you selected another IP address for your router you have to use it instead. (Disregard the fact that the screenshot shows 192.168.0.63 - I'm too lazy to correct it). When you've entered the IP address you also enter a name for this configuration in the Saved Sessions field and then you click Save. That name will appear in the list below Default Settings. To connect to your router simply double click it.
PuTTY will now receive encryption keys from the router which will be used to encrypt all further communication. You'll have to answer Yes here to store the keys permanently in your configuration and avoid this question in the future. This key exchange is of course a security concern if someone is eavesdropping on your network. You probably don't have to worry about that on your home network though, but a really paranoid person would probably want to transfer these keys manually instead of transmitting them over the LAN.
If everything went well you will see your router's login prompt. Use your personal user id to log on and then use the su command to become root.
$ su
Password:
SSH in Linux
Everything you need is already in your operating system. Simply open a console and type the following:
~$ ssh -l userid 192.168.0.1
Replace userid with the user account you created for yourself on the router, and replace the IP address with that of your own router unless it's the same as in this example. The encryption keys needed for further communication will be received from the router and you'll have to accept them to be able to continue.
The authenticity of host '192.168.0.1 (192.168.0.1)' can't be established.
DSA key fingerprint is fe:08:b3:ca:d4:4b:be:57:90:a1:e4:20:57:b8:6d:87.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.1' (DSA) to the list of known hosts.
Password:
$
Use su to switch to the root account.
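Both the PuTTY question and the OpenSSH prompt above ask you to accept a key whose fingerprint you can check instead of trusting the LAN. The following is an added example, not part of the original page: it computes the fingerprint from a public key line read at the router's own console and compares it with what the client shows. The function names are hypothetical and the sample key is constructed filler, not a real key.

```python
import base64
import hashlib
import struct

def build_sample_pubkey_line():
    """Build a CONSTRUCTED ssh-dss public key line (filler bytes, not a real key)."""
    def ssh_string(data):
        return struct.pack(">I", len(data)) + data
    blob = ssh_string(b"ssh-dss")
    for filler in (b"\x00" + b"\xc1" * 128, b"\x00" + b"\xa7" * 20,
                   b"\x5b" * 128, b"\x33" * 128):  # stand-ins for p, q, g, y
        blob += ssh_string(filler)
    return "ssh-dss " + base64.b64encode(blob).decode() + " sample@router"

def parse_pubkey_line(line):
    """Return (key_type, blob) from a line of an OpenSSH *.pub file."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("not a public key line")
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    inner_type = blob[4:4 + name_len].decode("ascii", "replace")
    if inner_type != fields[0]:
        raise ValueError("key type in the blob does not match the line")
    return inner_type, blob

def md5_fingerprint(blob):
    """Colon-separated MD5 of the blob: the format shown in the prompt above."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def sha256_fingerprint(blob):
    """The SHA256:<base64> format newer OpenSSH clients display instead."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def matches_prompt(pubkey_line, shown):
    """True if the fingerprint shown by the client belongs to pubkey_line."""
    _, blob = parse_pubkey_line(pubkey_line)
    shown = shown.strip()
    if shown.startswith("SHA256:"):
        return shown == sha256_fingerprint(blob)
    if shown.upper().startswith("MD5:"):
        shown = shown[4:]
    return shown.lower() == md5_fingerprint(blob)
```

Answer yes to the client's question only when matches_prompt returns True for the key line you read on the router itself.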
If you have a serial port, both in your router and in the computer you use to manage the router, you can connect them with a null modem cable and control the router's console this way instead. It's independent of the network and since it's the primary console redirected to the serial port, it allows direct root logon. This is a very nice alternative to using the router's real keyboard and monitor. If you have several serial ports in the router you need to use the first physical serial port for this to work. On the controlling computer you can use a terminal program like Kermit.
Three files have to be modified. Add this line to /boot.config.
The -D parameter will allow both the normal console and the serial console to work simultaneously.
You'll have to add several lines to /boot/loader.conf.
boot_multicons="YES"
boot_serial="YES"
comconsole_speed="115200"
console="comconsole,vidconsole"
/boot/loader.conf probably already contains the row that loads the driver for the hard drive mirror. Simply add these lines below it. Note the comconsole_speed="115200". This option will change the speed of the serial port from its default 9600 baud to 115200 baud. Adjust your terminal program accordingly.
Finally you have to allow yourself to actually log on over the serial console, not just watch the router's boot messages. /etc/ttys will do the trick. Find the following row:
ttyd0 "/usr/libexec/getty std.9600" dialup off secure
Change it to:
ttyd0 "/usr/libexec/getty std.115200" xterm on secure
Connect your terminal software and then reboot the router:
# shutdown -r now
You should now be able to see all boot messages on the serial console and also be able to log on there.
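A consistency check for the serial console settings above, as an added example that is not part of the original page: it confirms that the getty speed in /etc/ttys matches comconsole_speed in /boot/loader.conf, and reports that the secure flag lets root log in directly on the serial port. The function names and finding codes are hypothetical; the sample input is the configuration shown on this page.

```python
import re
import shlex

# The settings from this page (CONSTRUCTED sample input for the check).
LOADER_CONF = '''boot_multicons="YES"
boot_serial="YES"
comconsole_speed="115200"
console="comconsole,vidconsole"
'''
TTYS = 'ttyd0 "/usr/libexec/getty std.115200" xterm on secure\n'

def parse_loader_conf(text):
    """Return name -> value for each name="value" line, ignoring comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" in line:
            name, value = line.split("=", 1)
            settings[name.strip()] = value.strip().strip('"')
    return settings

def parse_ttys(text):
    """Return tty name -> (getty command, enabled?, flags) from /etc/ttys text."""
    entries = {}
    for raw in text.splitlines():
        fields = shlex.split(raw, comments=True)
        if len(fields) >= 4:
            entries[fields[0]] = (fields[1], fields[3] == "on", set(fields[4:]))
    return entries

def check_serial_console(loader_text, ttys_text, tty="ttyd0"):
    """Return a list of (code, message) findings for the serial console."""
    entry = parse_ttys(ttys_text).get(tty)
    if entry is None or not entry[1]:
        return [("no-login", f"{tty} is not 'on': boot messages only, no login")]
    getty, _, flags = entry
    findings = []
    match = re.search(r"std\.(\d+)", getty)
    getty_speed = match.group(1) if match else "unknown"
    # 9600 is the default the page gives when comconsole_speed is not set.
    loader_speed = parse_loader_conf(loader_text).get("comconsole_speed", "9600")
    if getty_speed != loader_speed:
        findings.append(("speed-mismatch",
                         f"loader uses {loader_speed} baud, getty uses {getty_speed}"))
    if "secure" in flags:
        findings.append(("root-login", f"{tty} is 'secure': root can log in directly"))
    return findings
```

With secure set, anyone who can reach the serial port gets a root password prompt, so the port deserves the same physical protection as the router's own keyboard.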
Files and commands
- /boot.config - configuration file for the boot blocks
- /boot/loader.conf - contains commands that should be carried out very early in the boot process
- ee - the Easy Editor
- su - the switch user command