Users and access (changing the admin password)
You can set up an administrator password and accounts for other Keenetic router users on the 'Users and access' page.
User accounts are required to control access to services and applications installed in the Keenetic router.
Important
By default, one admin account is preset in the Keenetic router. The account with the reserved username 'admin
' cannot be deleted or renamed. Besides, the 'admin
' account cannot be deprived of the right to access the command-line interface (TELNET and SSH) and full (Read/Write) access to the router settings.
Only the built-in admin account can be used to manage the Wi-Fi System.
To change the administrator password in the 'User accounts' section, click on its entry.
In the window that appears, enter the new administrator password twice in 'Password' and 'Repeat password'. Then click 'Save'.
Important
Remember or save the administrator password. This password is required when connecting to the web interface of the router and changing settings.
Note
The access rights list depends on the router model and the components installed in the KeeneticOS system.
Tip
Do not unnecessarily disable access to the router's web interface for the administrator (admin
) account. Access can only be restored from the router's command-line interface by following the instruction How to restore access to the web interface.
To create a new account, click the 'Create user' button.
In the appeared window 'New user' enter the new account's name in the 'Username' field.
Important
The maximum length of a username should not exceed 32 characters
. Do not use a username consisting only of numbers.
We do not recommend using system (service) names that can be misinterpreted by the router's operating system (e.g. user
, home
, root
, guest
, vpn
, etc.), which can lead to incorrect system operation. Still, it is acceptable in combination with numbers or other characters (e.g. user01
, vpnuser
, homeuser
, root_007
, guestvpn
, etc.).
Type the user's password twice in the 'Password' and 'Repeat password' fields (maximum password length is 32 characters
). Below, tick the services and applications you want to grant access to the user. Then click 'Save'.
In this example, a 'user
' account has been created.
In addition to user management settings, on the 'Users and access' page, you can also change the default TCP ports for connecting to the web configurator and command-line interface (CLI) of the router. In the 'HTTP port' and 'TELNET port' fields, you can specify a different port number than the default ones (TCP/80
and TCP/23
).
Important
After changing the default port for the web configurator, you will need to enter it in your browser along with the IP address: IP_address:port_number
For instance: 192.168.1.1:81
After changing the default port for the command-line interface, you will need to use the telnet command: telnet IP_address port_number
For example, telnet 192.168.1.1 223
If you need to allow access to Keenetic control from the Internet, specify the protocol (HTTP/HTTPS, TELNET or SSH) in the 'Remote access' section.
Starting from version KeeneticOS 3.1
, you can select 'No access', 'HTTP and HTTPS' and 'HTTPS only' in the 'Remote access' settings.
SSH settings will only appear in the web interface after the 'SSH server' system component has been installed. For more information, see 'SSH remote access to the Keenetic command line'.
Tip
If you are concerned about the security of your router on the Internet, we can recommend the following:
Use complex passwords of at least
8 characters
long. Generate random passwords. Include numbers and other symbols in the password. Avoid using the same password for different sites or purposes.Do not open access to the router's web interface and command line from the Internet without necessity. With the default (factory) settings, access to the Keenetic's management (its web configurator and command line) from the Internet is blocked. This is implemented for device and local network security.
Set the 'Remote access' field to 'HTTPS only'. By doing this, you will increase the security of access to the router's web interface. The device can then be accessed remotely via the domain name and a secure connection with a security certificate.
Keenetic routers have a password protection function (brute-force protection). Be sure to use this feature, do not disable it (by default, this protection is enabled). For more information, see the Brute force protection function for router password article.
Usually, the above tips are enough to ensure the security of the router, but you can also do more:
Using the Firewall rules, you can access the device only from a specific IP address and only for certain services.
When using Internet access to the router from the Internet, you can change the default port number. For example, change the standard port
80
of the web configurator to280
.Create a new user account, set it up with the same access rights as admin and use it exclusively. And for admin, you can remove all access rights except command-line access (CLI).