Enable SSH on Asus Routers with(out) SSH Keys

Asuswrt-MerlinEnable SSH on Asus routers with or without SSH keys to conveniently and remotely manage your router from anywhere. I use AsusWRT-Merlin custom firmware (guide) which gives me more control over the device like configuring custom DDNS, installing nginx on the router using Optware and other goodies not possible on the ASUS stock firmware. The developer of AsusWRT-Merlin, RMerl provides the source code on github for those curious. You do not need to use a custom firmware to enable SSH!

Router Model
Wireless
Speed
Band
USB
Price
Asus RT-AC68U
802.11 ac
1900 Mbps
2.4 + 5 GHz
2 (1 USB 3.0)
$174
Asus RT-AC88U
802.11 ac
2100 Mbps
2.4 + 5 GHz
2 (1 USB 3.0)
$274
Asus RT-AC66U
802.11 ac
1750 Mbps
2.4 + 5 GHz
2 USB 2.0
$133
Asus RT-N66U
802.11 n
900 Mbps
2.4 + 5 GHz
2 USB 2.0
$100

Enable SSH on Asus Routers

There are two simple methods (which can also be combined) for SSH access depending on your use case.
The first is simple SSH access using the router’s login credentials. This method is most appropriate inside your home network where the risk of outsiders gaining access from the internet is minimal.

The second method is SSH access from outside your home network for which you should use SSH keys and block simple password login. This means any intruder will be automatically denied access since they don’t have the right key.

Both of these methods can be combined so you can allow both SSH keys and simple passwords from outside your home network. Ideally if you want to use simple passwords you should VPN into your Asus router instead in which case you would not need to enable WAN SSH access.

I have provided a working example using an SSH key that has already been destroyed.

ASUS Router Simple Local SSH access

Log into the web interface of the Asus Router

Click Administration in the left pane

Click the System Tab

Under SSH Daemon section set Enable SSH to Yes

Set the SSH service port if you don’t want to use the standard SSH port (22)

Set Allow SSH password login to Yes

Set Enable SSH Brute Force Protection to Yes

Scroll down and click Apply

ASUS Router SSH WAN Access Using SSH Keys

This section assumes you already have an SSH key generated, I use PuTTYgen (a guide will be posted eventually but see this one for an overview)

Log into the web interface of the Asus Router

Click Administration in the left pane

Click the System Tab

Under SSH Daemon section set Enable SSH to Yes

Set the SSH service port if you don’t want to use the standard SSH port number 22

If you want SSH access outside your home network set Allow SSH access from WAN to yes

Note that if you are using a private VPN to gain access to your home network, you do not need to Allow SSH access from WAN.

Set Allow SSH password login to No for maximum security

Paste your SSH Public key (not the private key!) in the SSH Authentication key box

Set Enable SSH Brute Force Protection to Yes

Scroll down and click Apply

enable-ssh-wan-on-asus-routers-merlin

Now you have enabled SSH access on your ASUS router so you can install additional software, change configurations, enable custom DDNS (guide incoming) and more.