Device Security Settings

Summary

This page provides comprehensive controls for managing the security of your connected device. You can enable or disable a software firewall, control access to the SSH port, manage end-to-end encryption for SSH connections, and configure automated administrator access. These settings help you protect your device from unauthorized access and ensure secure communication.

Page Access

You can access this page by navigating to: /devices_security

Page Functionalities

1. End-to-End Encryption with Device

  • Switch: Toggles whether unencrypted SSH connections are allowed to your device. When enabled, all SSH connections must be encrypted.
  • Explanation Text: Provides information on what end-to-end encryption means and considerations for when you might need to temporarily disable it (though generally not recommended).
  • Update Button: Applies your chosen encryption setting to the device.

2. Firewall Status

  • "I use a hardware firewall / Docker" Switch: Indicates if your device's network security is managed by an external hardware firewall or Docker. If this is active, the software firewall and SSH port blocking options are automatically set to active and cannot be changed here, as external systems are handling security.
  • Refresh Button: Updates the displayed firewall and SSH port blocking status from your device, ensuring you see the most current settings.
  • Software-based Firewall Status Switch: (Visible if "I use a hardware firewall / Docker" is OFF) Enables or disables the software firewall running directly on your device.
  • Block SSH Port Switch: (Visible if "I use a hardware firewall / Docker" is OFF and "Software-based Firewall Status" is ON) Controls whether the SSH port (port 22) on your device is blocked, preventing external SSH connections.
  • Information for Apple Devices: If your device is an Apple product, instructions and a link to an FAQ are provided on how to manage the firewall through macOS settings, as direct control via this app is limited for Macs.
  • Update Button: Applies your chosen firewall and SSH port settings to the device.

3. Administrator Access

  • "Allow automated switch to administrator access" Switch: (Visible if your device is not an Apple device) Toggles whether the system can automatically switch to administrator (root) access for certain operations.
  • Device Administrator Password Field: (Visible if automated administrator access is ON) Allows you to enter and securely store the administrator password for your device. This password is encrypted and stored on the device for automated operations. It is crucial to use a strong, unique password.
  • Update Button: Saves your administrator access preference and, if enabled, stores the encrypted password on your device.

4. Device Navigation

  • Terminal Icon: Opens the terminal view for direct command-line interaction with your device.
  • File Browser Icon: Opens the file browser to manage files and folders on your device.

Scenario Executions

Possible usage steps within this page

Scenario 1: Enabling End-to-End Encryption for SSH Connections

  1. Locate the "End-to-End Encryption with Device" section.
  2. Ensure the switch next to "Explain End-to-End Encryption with Device" is turned ON.
  3. Click the "Update" button below the section.
  4. A confirmation message "Updated setting successfully" should appear.

Scenario 2: Activating the Software Firewall and Blocking SSH Port

  1. Locate the "Firewall Status" section.
  2. Ensure the "I use a hardware firewall / Docker" switch is turned OFF.
  3. Turn ON the "Software-based Firewall Status" switch.
  4. Turn ON the "Block SSH Port" switch.
  5. Click the "Update" button below the section.
  6. Confirmation messages like "Firewall activated successfully" and "Firewall: blocking ssh port successfully" should appear.
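After the confirmation appears, the block can be checked from a second machine on the network by probing port 22 and reading any SSH identification string. The following is an added example, not code from this application. The function names and the loopback listener standing in for an unblocked SSH server are assumptions made for the illustration.

```python
import socket
import threading

def probe_ssh_port(host, port=22, timeout=3.0):
    """Return (state, banner); state is 'open', 'closed' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            try:
                # An SSH server sends its identification string first (RFC 4253).
                banner = conn.recv(255).decode("ascii", "replace").strip()
            except OSError:
                banner = ""  # connected, but nothing was sent before the timeout
            return "open", banner
    except socket.gaierror:
        raise  # name resolution failed: that says nothing about the port
    except ConnectionRefusedError:
        return "closed", ""  # reset received: nothing accepts on the port
    except OSError:
        return "filtered", ""  # timeout or unreachable: typical of a dropping firewall

def block_is_effective(state):
    """'Block SSH Port' holds only if the port cannot be connected to."""
    return state != "open"

def start_constructed_sshd():
    """Constructed stand-in for an unblocked SSH server on a free loopback port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        conn.sendall(b"SSH-2.0-constructed_example\r\n")
        conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv

if __name__ == "__main__":
    srv = start_constructed_sshd()
    port = srv.getsockname()[1]
    state, banner = probe_ssh_port("127.0.0.1", port, 1.0)
    print("listener up:  ", state, banner, "block effective:", block_is_effective(state))
    srv.close()  # stands in for the port no longer accepting connections
    state, banner = probe_ssh_port("127.0.0.1", port, 1.0)
    print("listener down:", state, "block effective:", block_is_effective(state))
```

Against a real device, call `probe_ssh_port` with the device's address from a host that is outside the device itself, since a probe run on the device may bypass its own firewall rules.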

Scenario 3: Setting Up Automated Administrator Access

  1. Locate the "Administrator Access" section.
  2. Turn ON the "Allow automated switch to administrator access" switch.
  3. Enter a strong password in the "Device Administrator Password" field.
  4. Click the "Update" button below the section.
  5. A confirmation message "Stored encrypted password on device successfully" should appear.

Possible errors which may occur on this page

Error 1: Failed to Update End-to-End Encryption

If you click "Update" for the "End-to-End Encryption with Device" settings and receive an error message like "Error storing block unencrypted ssh connections", it indicates that the device failed to apply the new setting. This could be due to connectivity issues with the device, incorrect permissions, or a temporary problem on the device itself. Try refreshing your connection or checking the device's status.

Error 2: Failed to Activate/Deactivate Firewall or Block/Unblock SSH Port

When attempting to change firewall or SSH port settings, messages such as "Failed to activate firewall", "Failed to disable firewall", "Firewall: blocking ssh port failed", or "Firewall: enabling ssh port failed" may appear. These errors typically mean the SSH command sent to the device did not execute successfully. Reasons could include the device being offline, an invalid SSH connection, or insufficient administrator privileges on the device. Verify your device's network connection and SSH setup.

Error 3: Administrator Password Not Provided

If you enable "Allow automated switch to administrator access" and click "Update" without entering a password in the "Device Administrator Password" field, you will see a validation error "Device administrator password cannot be empty". You must provide a password to securely enable this feature.

Error 4: Failed to Store Administrator Password

If you enter a password for administrator access and click "Update", but receive an error such as "Error storing encrypted password on device", it means the system could not securely store the password on your device. This might be due to SSH connection problems or issues with the device's file system or permissions. Check your device's connectivity and available storage.