Enable (temporary) access to Web Admin Console, via SSH

Home Forums Conduit: AEP Model Enable (temporary) access to Web Admin Console, via SSH

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • July 11, 2016 at 1:37 pm #13894
    Chris Friedel
    Participant

    Hi all.

    On our production deployments we only enable SSH over the WAN (PPP Cellular, albeit on a non-standard port), and disable WAN access to 80 / 443 web interfaces. We do this both for security concerns, as well as to limit wasted data from bots, scanners, and crawlers that often hit public IP addresses looking for web content.

    We are curious, in an emergency, is there a “best practice” or recommended way to temporarily enable WAN access to the web admin interface using the SSH connection to gain that remote access.

    For example, something we have thought of was connecting to the remote device over SSH, and then editing the db.json file to enable WAN access to the admin console, and then forcing a system restart, to enable access. However, I’m not sure if direct editing of the db.json file is recommend – and it also requires downtime from the reboot (and most likely whatever change we’re about to make via the web console will ALSO require a reboot).

    Any insight on how best to approach this would be appreciate.
    Thank you all!

    Chris

    July 11, 2016 at 3:20 pm #13897
    Chris Friedel
    Participant

    Actually, something that came to mind. I believe the AEP presents a restful web API, is that correct? If so, is there a command(s) that can be issued over this api to enable WAN connection to the admin console? This would be an ideal implementation I believe.

    July 12, 2016 at 7:54 am #13973
    Jeff Hatch
    Keymaster

    Chris,

    You can use the curl utility and issue API requests on the Conduit to enable UI access via WAN and then issue a second API request to save and restart to make the change effective. It would be something like the following:

    Enable HTTPS over WAN
    curl -s -m 5 -X PUT -H “Content-Type: json/application” -d ‘{ “wan” : true }’ 127.0.0.1/api/remoteAccess/https

    Save and restart
    curl -ik -c cookies -X POST -H ‘Content-Type: application/json’ -d ‘{}’ https://127.0.0.1/api/command/save_restart

    To disable just set the “wan” to false in the first request and save and restart with the second request.

    Jeff

    July 12, 2016 at 12:01 pm #13976
    Chris Friedel
    Participant

    Best answer of the day! Thank you very much 🙂

  • Author
    Posts
Viewing 4 posts - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.