Prior to starting using the app, you should make sure the following requirements are met:
- The Router(s) you intend to use the app with runs a DD-WRT firmware
- An SSH server is available and running on the Router(s)
Installing DD-WRT on your Router(s) is out of the scope of this guide. Please refer to the official DD-WRT Site for instructions.
Secure Shell, or SSH, is a command interface and protocol for securely getting access to a remote host. It has been chosen as the preferred secure communication channel between DD-WRT Companion and your DD-WRT Router.
From a computer, use a browser to login to the Web Management Interface of your Router, e.g.: http://192.168.1.1.
Note: The app attempts to guess the IP Address of your Router(s), by fetching the gateway address of the network your phone is connected to. Just connect to a Wi-Fi network provided by the Router, and open the app on your Phone.
Once on the Web Management Page of your Router, select the “Services” tab
Now scroll down to the “Secure Shell” settings, and make sure you have “SSHd” enabled, and either “Password Login” enabled (for password-based authentication) or “Authorized Keys” filled out (for public/private key authentication) , or both.
The default port for SSH is 22, but it is recommended that you change it to a non-standard port above 1024 for security reasons. Remember the port you set, as you will need to enter it into your SSH client (and the DD-WRT Companion app) in order to connect to the router.
Finish by scrolling down to the bottom of the page. Then click on “Save”, then “Apply Settings”, and “Reboot Router” buttons:
If you have enabled the “Password Login” option in the “Secure Shell” settings, then you will need the following info to let DD-WRT Companion connect to the router:
- User: root
- Password: the password you set in the web interface
Public key authentication is one of the most secure methods of logging into SSH. It is considered as secured, as all transmissions are encrypted with a key that only the client and server will have.
To enable it, you will need to generate a Public/Private key pair on your desktop machine, then copy the public key in the router (actually, in the “Authorized Keys” text area of the “Secure Shell” settings).
On Windows, you can make use of Putty/PuttyGen software.
On Linux or Mac OS X, make use of the ssh-keygen command-line tool, e.g.:
jedi:~ rm3l$ ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/Users/rm3l/.ssh/id_rsa): /tmp/my_rsa_privkey Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /tmp/my_rsa_privkey. Your public key has been saved in /tmp/my_rsa_privkey.pub. The key fingerprint is: d1:8b:e8:29:bc:9e:31:ce:db:31:c9:94:d6:e5:35:51 firstname.lastname@example.org The key's randomart image is: +--[ RSA 2048]----+ | ..E | | . . | | . o o | | + = o . | | = S o | | . = o | | = B | | o B o | | .B.. | +-----------------+ jedi:~ rm3l$
As the name implies, the public key is intended to be public, while the private key must be kept secret.
DD-WRT Companion actually behaves as an SSH Client, and as such, it will need the private key to authenticate against the router (which will in turn check it against the public keys you copied beforehand).
Of course, such sensitive information is encrypted once again locally, and never ever leaves your mobile device.
By default, the SSH Server on some DD-WRT Routers may not accept incoming connections from external networks (such as the internet). Thus, you may not be able to remotely manage your routers with the app, unless connected to a WiFi network provided by the router.
To enable remote SSH access (see the screen capture below):
- Head to the "Administration" tab and the "Management" sub-tab on the Web Interface
- Enable "SSH Management" under the section titled "Remote Access"
- Enter the same port number as specified in the section above (22 is the default SSH port). This opens the port in the firewall.
- Click on "Save", then "Apply Settings", and "Reboot Router" buttons
Testing the setup
As DD-WRT Companion assumes the Router has a fully working SSH server, we generally recommend you make sure you can manually connect to the Router from a computer, using the same credentials you intend to pass to the app. If everything works as expected, then you should have no problem using the app with your Router.
Linux or Mac OS X
Open up a Terminal application. Depending on how you configured the Router “Secure Shell” settings, you may need any of the commands below.
Issue the following command, where ROUTER_IP_OR_DNS is the Router IP Address or DNS name.
ssh -v -p 22 -l root ROUTER_IP_OR_DNS
At the password prompt, specify the password you set in the DD-WRT web interface (replace the port “22” accordingly if you specified something other than the default one):
Private-key based login
Issue the following command, where ROUTER_IP_OR_DNS is the Router IP Address or DNS name, and /path/to/my/private/key the absolute or relative path to your private key file.
ssh -v -p 22 -l root -i /path/to/my/private/key ROUTER_IP_OR_DNS
If the private key requires a passphrase, you will be prompted to enter it. As always, replace the port “22” accordingly if you specified something other than the default one:
Putty comes again to the rescue, to help test the setup.