[GL-AX1800] Change SSH remote access port

Hi everyone

I’m new in this community and I’m new with the GL-AX1800 (Flint) router.

I love it.

I’m exploring all the features, and for me the DDNS is quite interesting.

I would like to have remote SSH access, but I would like to change the default port 22 to avoid having it exposed to the internet.

Is it possible? Thanks in advance

Changing a port like this isn’t a really good idea. It’s security by obscurity - which is mostly useless.

Just use key based login in SSH and disable password login.

1 Like

You’d be far more secure using the Flint as a WG Server then connecting to the SSH daemon (dropbear) over that. Just be sure to set a WG preshared key (PSK). You won’t have to fuss with port forwarding or other firewall changes either. GL GUI handles it all for you.

1 Like

Thanks

Is it possible to use key based login in DDNS SSH access? I can’t find it.

Thanks

I will try to understand everything by searching in Google, but first of all I need to know what WG stands for 🙂
Please, what does WG mean?

Wireguard, it’s some VPN technology.

But to be honest: SSH with a key is secure enough. Most Linux servers on the Internet use this and SSH is generally very secure.

1 Like

Yes, you can change the SSH port, make SSH available via WAN, and set an SSH key. But, you have to do it from LuCI. You can access LuCI two ways (well, really, it’s the same way):

  1. Login to the GL.iNet Admin Panel. Select System > Advanced Settings, read the warning and then click on the link.

  2. On a LAN-connected device, browse to http://192.168.0.1/cgi-bin/luci/ (NOTE: change 192.168.0.1 to your router’s LAN IP address).

Login to LuCI with the userid of root and the same Admin Password you use to login to the GL.iNet Admin Panel.

To add an SSH-key, go to System > Administration and select the SSH-Keys tab. Paste in the contents of your id_rsa.pub file and then click the Add key button. It’s probably best for you to try to login to your router from your LAN on port 22 using your SSH-key and make sure everything works before proceeding ('cause otherwise you may end up locking yourself out).

Select System > Administration. Select the SSH Access tab.

  • To change the port, just key in your new port number.

  • To open SSH up to the WAN, use the dropdown box to select unspecified (this will allow ssh access via LAN, WLAN, and WAN).

  • To require only SSH-keys, uncheck the Allow root logins with password and also uncheck the Password authentication checkbox.

After you’ve made these changes, click the Save & Apply button. Note: you can make the above changes one at a time, clicking Save & Apply, and then testing that each step works as expected. That last step is kinda final - once you no longer allow passwords, you can only access the router with a key; if something goes wrong, you’ll end up having to reset the router which can be a PITA.

3 Likes
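
The lockout warning in the steps above can be checked from a shell before the final Save & Apply. This is an added example, not part of the original posts: it assumes the stock OpenWrt file locations `/etc/config/dropbear` and `/etc/dropbear/authorized_keys` and the UCI option names `Port`, `Interface`, `PasswordAuth` and `RootPasswordAuth`, none of which are named in the thread; the function names are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example: pre-flight check before turning off SSH password login.
# Assumed OpenWrt paths: /etc/config/dropbear, /etc/dropbear/authorized_keys

# Print the value of "option NAME" in a UCI config file (first match).
uci_opt() {
    awk -v name="$2" '$1 == "option" && $2 == name { print $3; exit }' "$1" |
        tr -d "\"'"
}

# UCI booleans can be written off/0/false/no; anything else counts as on.
is_off() { case "$1" in off|0|false|no) return 0 ;; *) return 1 ;; esac; }

# Count lines that start with a public key type (option-prefixed lines are skipped).
count_keys() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -cE '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp[0-9]+) [A-Za-z0-9+/=]+' "$1" || true
}

# audit_dropbear CONFIG AUTHORIZED_KEYS
# Returns 0 = key-only login, 1 = passwords still accepted, 2 = lockout risk.
audit_dropbear() {
    port=$(uci_opt "$1" Port)
    iface=$(uci_opt "$1" Interface)
    pw=$(uci_opt "$1" PasswordAuth)
    rootpw=$(uci_opt "$1" RootPasswordAuth)
    nkeys=$(count_keys "$2")
    echo "port=${port:-22} interface=${iface:-unspecified} keys=$nkeys"
    if is_off "$pw" || is_off "$rootpw"; then
        [ "$nkeys" -gt 0 ] && return 0
        echo "LOCKOUT RISK: root password login is off and no key is installed"
        return 2
    fi
    echo "WARNING: password login is still accepted"
    return 1
}

# Constructed sample files, not taken from a real router.
write_samples() {
    printf "config dropbear\n\toption PasswordAuth 'off'\n\toption RootPasswordAuth 'off'\n\toption Port '2222'\n" > "$1/dropbear.keyonly"
    printf "config dropbear\n\toption PasswordAuth 'on'\n\toption Port '22'\n" > "$1/dropbear.default"
    echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyNotReal user@laptop" > "$1/authorized_keys"
    : > "$1/empty_keys"
}

tmp=$(mktemp -d)
write_samples "$tmp"
audit_dropbear "$tmp/dropbear.keyonly" "$tmp/empty_keys" || echo "exit status $?"
rm -rf "$tmp"
```

On the router itself the call would be `audit_dropbear /etc/config/dropbear /etc/dropbear/authorized_keys`, run while a password login still works.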

The sshds in mainline OWRT aren’t post-quantum cryptography (PQC) safe until sshd-9.4+… nor is WG without adding a PSK.

opkg list-installed | grep ssh

“Harvest now, decrypt later” ain’t just a meme, my guy.

1 Like

Yeah, but for a consumer device that’s fine.

1 Like

Obligatory “… according to yer threat model, of course!”

1 Like

Thanks!!!

I’ll try ASAP, I have some terrible working weeks, sorry.

1 Like

It’s far faster, easier, safer to set up WG Server. You’ll also have the ability to remotely manage the Flint if need be.

1 Like

Worked perfectly.

Thanks a lot 🙂