I noticed that it is possible to SSH into my GL-AXT1800 with the admin credentials. What do people use that for? Why? Is there a CLI to control router settings or something?
If I don’t have a use for SSH’ing into the router, can I shut SSH off in order to minimize the attack surface?
Lot’s of reasons. Testing. If you have an attached drive or card, you can download directly to the drive via ssh. But yeah if you’re just using it for everyday routing, turn it off.
SSH is similar to a cmd shell, but with capabilities it can also be accessed external.
By default this is not configurated to be accessible from the outside on wan scope only the local networks.
SSH is a admin CLI, you can use it to diagnose things, edit files, its basically Linux in a command window
Tl;tr:
A proper configuration consists of not using root account (well cough cough that is not by OpenWrt design also not really a huge issue on local scope), but in practice key authentication is securer than password, with putty you have a program called puttygen where you can easily create the public key this you can paste in luci and disable root passwords
Thanks. Where can I learn specifically how to use the the Router’s linux shell to configure it? The manual I got with it talks about how to plug it and turn it on. That’s it!
Note dropbear is not standard in the Linux kernel, but since that OpenWrt (the OS), is made to be very small to run on these small chips, dropbear has a smaller in footprint than other ssh servers.