mudhorn/meshtastic
1
0
Fork 0
mirror of https://github.com/meshtastic/meshtastic.git synced 2025-01-12 14:27:45 -08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update remote-admin.mdx

Browse source 
Update all content to match the current remote admin arrangement.
This commit is contained in:
Nestpebble 2024-10-30 00:31:24 +00:00
parent e9e15a78dd
commit 100f1f0de2
2 changed files with 93 additions and 163 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
docs/configuration/radio/channels.mdx
View file

@ -72,7 +72,7 @@ A short identifier for the channel. _(< 12 bytes)_
| Reserved Name | Purpose |
| :------------: | :----------------------------------------------------------------------------------------------------------------------------: |
| `""` (default) | If left empty on the Primary channel, this designates the `default` channel. |
| `admin` | On Secondary channels, the name `admin` (case sensitive) designates the `admin` channel used to administer nodes over the mesh |
| `admin` | On Secondary channels, the name `admin` (case sensitive) designates the `admin` channel used to administer nodes over the mesh. Note that this is a Legacy feature, and may be removed in future releases. |
:::note

254
docs/configuration/remote-admin.mdx
View file

@ -3,201 +3,131 @@ id: remote-admin
title: Remote Node Administration
sidebar_label: Remote Nodes
sidebar_position: 3
description: An advanced feature which allows remote administration of a device through a secure channel on the Mesh instead of via Bluetooth, Serial, or IPv4.
description: An advanced feature which allows remote administration of a device through a secure messages on the Mesh instead of via Bluetooth, Serial, or IPv4.
---
import Tabs from "@theme/Tabs";
import TabItem from "@theme/TabItem";
:::caution Disclaimer
This is an advanced feature that few users should need. Keep in mind that it is possible (if you are not careful) to assign settings to a remote node that cause it to completely drop off of your mesh. We advise network admins have a test node to test settings with before applying changes to a remote node to prevent this.
:::
This feature allows you to remotely administer Meshtastic nodes through the mesh.
By default, nodes will **only** respond to administrative commands via the local USB/Bluetooth/TCP interface. This is to provide basic security to prevent unauthorized access and is how normal administration and settings changes work. The only difference for the remote case is that we are sending those commands as Admin Messages over the mesh.
## Prerequisites
For any node that you want to administer, you must:
In order to send the Admin Messages over the mesh, a secure method of communication must be established.
1. Configure a channel with the channel name of `admin`.
2. Set the PSK for the `admin` channel with the same key you wish to administer other all other nodes of the mesh with.
For firmware versions 2.5 and later, this is achieved by storing the public key of the controlling node in the remote node's Security Config. Up to three separate public keys can be stored in any node's settings, allowing some flexibility around remote node administration.
## Creating the admin channel
For firmware versions 2.4.x and earlier, this was achieved by setting up a channel with the name `admin` and a shared PSK. Commands were issued in various ways depending on the Client App, with the Admin Messages passed between nodes over this channel similar to the legacy DMs. Any node in the channel can manage any other node.
By default, nodes will **only** respond to administrative commands via the local USB/Bluetooth/TCP interface. This provides basic security to prevent unauthorized access and is how normal administration and settings changes work. The only difference for the remote case is that we are sending those commands over the mesh.
This `admin` channel method is still supported in firmware versions 2.5 and later, but must be specifically enabled via the "Legacy Admin channel" setting.
Before a node will allow remote admin access, it must have a primary channel:
```shell title="Command"
meshtastic --info
```
```markdown title="Expected output"
Connected to radio
...
Channels:
PRIMARY psk=default { "psk": "AQ==" }
Primary channel URL: https://meshtastic.org/e/#CgMSAQESCggBOANAA0gBUBs
```
From this output you see can that this node knows about only one channel and that its PSK is set to the default value.
Now we add an admin channel:
:::note
The name of the channel is important and must be `admin`.
:::info
Remote Admin is complemented by setting [Managed Mode](/docs/configuration/radio/security/#managed-mode) on the remote node, which restricts radio configurations on that node. It is not necessary to set Managed Mode for Remote Admin to function.
:::
```shell title="Command"
meshtastic --ch-add admin
```
```shell title="Expected output"
Connected to radio
Writing modified channels to device
```
Run `meshtastic --info` and your channels will now look like this:
```shell title="Expected output"
Connected to radio
...
Channels:
PRIMARY psk=default { "psk": "AQ==" }
SECONDARY psk=secret { "psk": "YyDCitupTAOOXTcaMDxyNhDpPa3eThiQFziPFCqT0mo=", "name": "admin" }
Primary channel URL: https://meshtastic.org/e/#CgMSAQESCggBOANAA0gBUBs
Complete URL (includes all channels): https://meshtastic.org/e/#CgMSAQEKKRIgYyDCitupTAOOXTcaMDxyNhDpPa3eThiQFziPFCqT0moaBWFkbWluEgoIATgDQANIAVAb
```
Notice that now we have a new secondary channel and the `--info` option prints out TWO URLs. The `Complete URL` includes all of the channels this node understands. The URL contains the preshared keys and should be treated with caution and kept a secret. When deploying remote administration, you only need the node you want to administer and the node you are locally connected to, to know this new "admin" channel. All of the other nodes will forward the packets as long as they are a member of the primary channel.
## Remote Admin Config Client Availability
## Sharing the admin channel with other nodes
<Tabs
groupId="settings"
defaultValue="apple"
values={[
{label: 'Android', value: 'android'},
{label: 'Apple', value: 'apple'},
{label: 'CLI', value: 'cli'},
{label: 'Web', value: 'web'},
]}>
<TabItem value="android">
Creating an "admin" channel automatically generates a preshared key. In order to administer other nodes remotely, we need to copy the preshared key to the new nodes.
#### Android
For this step you need physical access to both the nodes.
:::info
All current and Legacy Remote Admin config options are available for Android.
:::
1. Create the "admin" channel on the "local node" using the instructions above.
2. Copy the "Complete URL" someplace for permanent reference/access.
3. Connect to the "remote node" over the USB port.
4. For the "remote node" type
#### Setting up Remote Admin using the current method
```shell
meshtastic --seturl the-url-from-step-2
```
1. Connect to the node that will be used as the local controlling node.
2. The public key of a node is found in [Security Config](/docs/configuration/radio/security/#public-key).
3. Copy the public key of the controlling node to a note taking app.
4. Connect to the node that will be used as the remote administered node.
5. The public key of the controlling node is added as Admin Key in [Security Config](/docs/configuration/radio/security/#admin-key).
6. Up to 3 Admin Keys may be supplied, allowing up to 3 controlling nodes.
5. Run `meshtastic --info` and confirm that the "Complete URL" is the same for both of the nodes.
#### Setting up Remote Admin using the Legacy method
At this point you can take your remote node and install it far away. You will still be able to change any of its settings.
An Admin channel is set up by entering a secondary channel with the name `admin` using the method described in [Channels](/docs/configuration/radio/channels/)
## Remotely administering your node
Legacy admin is enabled using the Legacy Admin channel option in [Security Config](/docs/configuration/radio/security/#admin-channel-enabled).
Now that both your local node and the remote node contain your secret admin channel key, you can now change settings remotely:
#### Carrying out Remote Admin tasks
Get the node list from the local node:
1. Open the Meshtastic App, connect to the local controlling node.
2. In the node list pane, select a node by tapping the Short Name in the colored bubble, then select More details.
3. In the more details screen, select Remote Administration, next to a gear icon.
4. From the Remote Administration screen, all Radio and Module configuration options are available.
```shell title="Command"
meshtastic --nodes
```
```markdown title="Expected output"
Connected to radio
/-------------------------------------------------------------------------------------------------------------\
|N| User |AKA| ID |Latitude|Longitude|Altitude|Battery| SNR | LastHeard | Since |
|-+------------+---+---------+--------+---------+--------+-------+---------+-------------------+--------------|
|1|Unknown 9058|?58|!28979058|25.0382°|121.5731°| N/A | N/A |-13.50 dB|2021-03-22 09:25:42|19 seconds ago|
\-------------------------------------------------------------------------------------------------------------/
```
</TabItem>
<TabItem value="apple">
#### Apple
:::info
All current and Legacy Remote Admin config options are available iOS, iPadOS and macOS
:::
#### Setting up Remote Admin using the current method
1. Connect to the node that will be used as the local controlling node.
2. The public key of a node is found in [Security Config](/docs/configuration/radio/security/#public-key).
3. Copy the public key of the controlling node to a note taking app.
4. Connect to the node that will be used as the remote administered node.
5. The public key of the controlling node is added as Admin Key in [Security Config](/docs/configuration/radio/security/#admin-key).
6. Up to 3 Admin Keys may be supplied, allowing up to 3 controlling nodes.
#### Setting up Remote Admin using the Legacy method
An Admin channel is set up by entering a secondary channel with the name `admin` using the method described in [Channels](/docs/configuration/radio/channels/)
Legacy admin is enabled using the Legacy Admin channel option in [Security Config](/docs/configuration/radio/security/#admin-channel-enabled).
#### Carrying out Remote Admin tasks
1. Open the Meshtastic App, connect to the local controlling node.
2. ???
3. ???
4. From the Remote Administration screen, all Radio and Module configuration options are available.
</TabItem>
<TabItem value="cli">
#### CLI
:::info
All current and Legacy Remote Admin config options are available in the python CLI.
:::
Commands are issued using a `--dest '!28979058'` argument and node ID to identify the remote node.
Using the node ID from that list, send a message through the mesh telling that node to change its owner name.
:::info
The --dest argument value must be in single quotes for linux/mac: '!28979058', no quotes for Windows: !28979058.
:::
```shell title="Command"
meshtastic --dest '!28979058' --set-owner "Im Remote"
```
```markdown title="Expected output"
Connected to radio
Setting device owner to Im Remote
Waiting for an acknowledgment from remote node (this could take a while)
```
And you can now confirm via the local node that the remote node has changed:
</TabItem>
<TabItem value="web">
```shell title="Command"
meshtastic --nodes
```
```markdown title="Expected output"
Connected to radio
/----------------------------------------------------------------------------------------------------\
|N| User |AKA| ID | Position |Battery| SNR | LastHeard | Since |
|-+---------+---+---------+------------------------+-------+-------+-------------------+-------------|
|1|Im Remote|IR |!28979058|25.0382°, 121.5731°, N/A| N/A |8.75 dB|2021-03-22 09:35:42|3 minutes ago|
\----------------------------------------------------------------------------------------------------/
```
#### Web
Note: you can change **any** parameter, add channels or get settings from the remote node. Here's an example of setting ls_secs using the `--set` command and printing the position settings from the remote node using the `--get` command:
:::info
All current and Legacy Remote Admin config options are available in the Web UI.
:::
```shell title="Command"
meshtastic --dest '!28979058' --set power.ls_secs 301 --get position
```
```markdown title="Expected output"
Connected to radio
Requesting current config from remote node (this can take a while).
power:
wait_bluetooth_secs: 60
mesh_sds_timeout_secs: 7200
sds_secs: 4294967295
ls_secs: 300
min_wake_secs: 10
Set power.ls_secs to 301
Writing modified preferences to device
Requesting current config from remote node (this can take a while).
Received an ACK.
Completed getting preferences
Waiting for an acknowledgment from remote node (this could take a while)
position:
position_broadcast_secs: 900
position_broadcast_smart_enabled: true
gps_enabled: true
gps_update_interval: 120
gps_attempt_time: 900
position_flags: 3
rx_gpio: 15
tx_gpio: 13
broadcast_smart_minimum_distance: 100
broadcast_smart_minimum_interval_secs: 30
Completed getting preferences
```
To set the `hop_limit` to 4 and then get the lora settings to confirm your new settings:
```shell title="Command"
meshtastic --dest '!28979058' --set lora.hop_limit 4 --get lora
```
```markdown title="Expected output"
lora:
use_preset: true
region: US
hop_limit: 3
tx_enabled: true
tx_power: 30
Set lora.hop_limit to 4
Writing modified preferences to device
Requesting current config from remote node (this can take a while).
Received an ACK.
Completed getting preferences
Waiting for an acknowledgment from remote node (this could take a while)
lora:
use_preset: true
region: US
hop_limit: 4
tx_enabled: true
tx_power: 30
```
## Admin Channel Setup is Complete
You've finished setting up and adding two devices to the admin channel. Remember, because this is a mesh network, it doesn't matter which node you are at; you could administer your first device we set up from the second one we added to the channel. And the settings and examples on this page are just a taste of the other settings you can set.
For further reading, I recommend starting out with the [Meshtastic Python CLI Guide](/docs/software/python/cli/) if you haven't already gone through this (hopefully you have since you are reading this). But for a full reference to the settings you can change, please see:
[Settings Overview](/docs/configuration) and
[Complete list of user settings in Protobufs](https://buf.build/meshtastic/protobufs/docs/main:meshtastic#meshtastic.User)
</TabItem>
</Tabs>