On routers with DMZ LED OpenWrt will use the LED to signal bootup, turning the LED on while booting and off once completely booted.

At this point we strongly suggest setting a password. Depending which firmware image you have installed, you can set the password either via OpenWrt WebIf or via telnet.

Connect to the router at its default address (usually 192.168.1.1) and issue the

passwd

Open your browser and connect to the router at its default address (usually 192.168.1.1). Login using username root with an empty password.

Then click on the right side in the top bar on Administration, then go to System (just a mouse over, no click) on the left side and click on Admin Password in the menu that pops up. A page to change the password is displayed.

Write your desired password into the field Password and repeat it in the field Confirmation. Finally click on Submit.

Your password is set now.

Open your browser and connect to the router at its default address (usually 192.168.1.1). The webif will now ask you to set a password. Write your password into the New Password field and again into the Confirm Password field then click set.

People are lazy. We don't want to give people a false sense of security by creating a password that everyone knows. We want to make sure you know that it's insecure by not even prompting for it.

Connect to your router with ssh 192.168.1.1 (port 22) or with your browser at the same address (port 80) using 'root' login.

Once you've completed initial setup, consider securing both SSH and web access to your router. Disable SSH password authentication (Administration > Services > Dropbear SSHd > Password Authentication), otherwise your router could be the target of brute-force password-guessing attacks.

If you require remote web access, OpenWRT does not provide a method to access its web interface securely via https (SSL) yet, as of v8.09.1. Consider disabling the existing (unencrypted) web access and either

• Tunneling your connection via SSH, OR
• Setting up an SSL-protected access with lighttppd

Both methods are discussed in this forum thread

If you require remote SSH access:

1. Change the default SSH incoming port (Administration > Services > Dropbear SSHd > Port)
2. Setup public key authentication, your public keys can be specified in Administation > System > SSH-keys. An older guide to DropBear SSH public key authentication has detailed information on generating SSH keypairs which include the public key(s) you should upload to your configuration.

This may very well be a problem with your firewall settings in Linux or Windows. If you have any firewalls, you may disable them. However once OpenWrt is installed and you do the first reboot, telnet no longer functions (see above).

Try again after a minute or two. On the first bootup OpenWrt will be busy setting up the filesystem and generating SSH keys; the SSH server won't start until after the keys have been generated.

Upgrading OpenWrt completely replaces the filesystem. This means that your previous password and ssh keys will be erased and you will have to set your password again.

Kamikaze users will then want to see the UCI reference.

See packages