meshtastic/docs/configuration/remote-admin.mdx

---
id: remote-admin
title: Remote Node Administration
sidebar_label: Remote Nodes
sidebar_position: 3
description: An advanced feature for securely administering remote devices over the mesh network instead of via Bluetooth, Serial, or IPv4.
---

import Tabs from "@theme/Tabs";
import TabItem from "@theme/TabItem";

:::caution Disclaimer
This is an advanced feature intended for experienced users. It’s possible (if not done carefully) to apply settings to a remote node that could cause it to disconnect from the mesh. Network admins are advised to use a test node to trial settings before applying changes to a remote node to prevent this.
:::

This feature allows secure remote administration of Meshtastic nodes over the mesh network.

By default, nodes will only respond to administrative commands via the local USB, Bluetooth, or TCP interfaces. This basic security measure prevents unauthorized access and defines how standard administration and settings changes are managed. The only difference with remote administration is that commands are sent securely as Admin Messages over the mesh.

## Prerequisites

For firmware versions 2.5 and later, remote administration is achieved by storing the public key of the local node in one of the Admin Key fields within the remote node’s Security Config. Each remote node can store up to three unique Admin Keys, providing flexibility for managing nodes across the network.

For firmware versions 2.4.x and earlier, this is achieved by creating a secondary channel named `admin` with a shared PSK. In this setup, messages exchanged on this channel are encrypted only with the channel’s PSK, allowing any node in the channel to administer others.

This `admin` channel method is still supported in firmware versions 2.5 and later, but must be specifically enabled via the "Legacy Admin channel" setting and is only for managing pre-2.5 nodes. A firmware version 2.5 and later node cannot be managed in this way.

:::info
Remote Admin is complemented by setting [Managed Mode](/docs/configuration/radio/security/#managed-mode) on the remote node, which restricts radio configurations on that node. It is not necessary to set Managed Mode for Remote Admin to function.
:::

## Remote Admin Config Client Availability

<Tabs
groupId="settings"
defaultValue="apple"
values={[
{label: 'Android', value: 'android'},
{label: 'Apple', value: 'apple'},
{label: 'CLI', value: 'cli'},
{label: 'Web', value: 'web'},
]}>
<TabItem value="android">

#### Android

#### Setting up Remote Admin Using the PKC Method

1. Connect to the local node that will be administering the remote node.
2. Go to **⋮ > Radio Configuration > [Security](/docs/configuration/radio/security/#public-key)** to find its public key.
3. Copy the public key to use for configuring the remote node.
4. Connect to the node that will be the remotely administered node.
5. Go to the same **Security** menu as in Step 2, and press **"Add"** to paste the public key of the local node into an Admin Key field.
6. Up to 3 Admin Keys may be supplied, one per field, allowing up to 3 controlling nodes.

#### Setting up Remote Admin using the Legacy method

An Admin channel is set up by entering a secondary channel with the name `admin` using the method described in [Channels](/docs/configuration/radio/channels/)

Legacy admin is enabled using the Legacy Admin channel option in [Security Config](/docs/configuration/radio/security/#admin-channel-enabled).

#### Carrying out Remote Admin tasks

1. Open the Meshtastic App, connect to the local controlling node.
2. In the node list pane, select a node by tapping the Short Name in the colored bubble, then select More details.
3. In the more details screen, select Remote Administration, next to a gear icon.
4. From the Remote Administration screen, all Radio and Module configuration options are available.

</TabItem>
<TabItem value="apple">

#### Apple

#### Setting up Remote Admin Using the PKC Method

1. Connect to the node that will be used to administer the remote node.
2. Go to Settings > App Settings on this node and enable **Administration**.
3. Navigate to **Settings > Radio Configuration > [Security](/docs/configuration/radio/security/#public-key)** to find its public key.
4. Copy the public key to use for configuring the remote node.
5. Connect to the remote node.
6. In **Settings > Radio Configuration > Security**, add the public key of the local node as an Admin Key.
7. Up to 3 Admin Keys may be supplied, allowing up to 3 controlling nodes.
8. On the remote node, go to **Settings > App Settings** and enable **Administration**.

#### Setting up Remote Admin using the Legacy method

An Admin channel is set up by entering a secondary channel with the name `admin` using the method described in [Channels](/docs/configuration/radio/channels/)

Legacy admin is enabled using the Legacy Admin channel option in [Security Config](/docs/configuration/radio/security/#admin-channel-enabled).

#### Carrying out Remote Admin tasks

1. Open the Meshtastic App and connect to the local node you’re using to administer the remote node.
2. Go to **Settings**.
3. Select the node you want to manage under **Settings > Configure Node**.
4. Suported Radio and Module settings for the remote node will be accessible from the **Settings** screen.
5. When finished administering the remote node, select your own node again in Settings > Configure Node.

</TabItem>
<TabItem value="cli">

#### CLI

#### Setting up Remote Admin Using the PKC Method

1. Connect via USB to the node that will be administering the remote node.
2. Retrieve its Public Key by running:
   ```bash
   meshtastic --get security.public_key
   ```
3. Copy the public key to use when configuring the remote node.
4. Connect to the remote node via USB.
5. Set the Admin Key on the remote node by running:
   ```bash
   meshtastic --set security.admin_key "PASTEPUBLICKEYHERE"
   ```
6. You may add up to 3 Admin Keys, enabling control from up to 3 different nodes.

#### Setting up Remote Admin Using the Legacy Method

To use the legacy method, set up an Admin channel as a secondary channel with the name `admin` by following the instructions in the [Channels](/docs/configuration/radio/channels/) section.

Enable Legacy Admin in the [Security Config](/docs/configuration/radio/security/#admin-channel-enabled) by running the following CLI command:

```bash
meshtastic --set security.admin_channel_enabled
```

#### Carrying Out Remote Admin Tasks

Remote admin commands are issued using the `--dest` argument with the `!nodeid` of the target node. Only the `--set` and `--get` commands are supported for remote administration. You can use these commands to modify parameters, add channels, or retrieve settings from the remote node. For example:

```bash
meshtastic --set security.admin_key "PASTEPUBLICKEYHERE" --dest '!28979058'
```

:::info
For Linux/Mac, enclose the `nodeid` value in single quotes: `--dest '!28979058'`. For Windows, quotes are not required: `--dest !28979058`.
:::

</TabItem>
<TabItem value="web">

#### Web

</TabItem>
</Tabs>