Skip to main content

Remote Node Administration

Disclaimer

This is an advanced feature intended for experienced users. It’s possible (if not done carefully) to apply settings to a remote node that could cause it to disconnect from the mesh. Network admins are advised to use a test node to trial settings before applying changes to a remote node to prevent this.

This feature allows secure remote administration of Meshtastic nodes over the mesh network.

By default, nodes will only respond to administrative commands via the local USB, Bluetooth, or TCP interfaces. This basic security measure prevents unauthorized access and defines how standard administration and settings changes are managed. The only difference with remote administration is that commands are sent securely as Admin Messages over the mesh.

Prerequisites

For firmware versions 2.5 and later, remote administration is achieved by storing the public key of the local node in one of the Admin Key fields within the remote node’s Security Config. Each remote node can store up to three unique Admin Keys, providing flexibility for managing nodes across the network.

For firmware versions 2.4.x and earlier, this is achieved by creating a secondary channel named admin with a shared PSK. In this setup, messages exchanged on this channel are encrypted only with the channel’s PSK, allowing any node in the channel to administer others.

This admin channel method is still supported in firmware versions 2.5 and later, but must be specifically enabled via the "Legacy Admin channel" setting and is only for managing pre-2.5 nodes. A firmware version 2.5 and later node cannot be managed in this way.

info

Remote Admin is complemented by setting Managed Mode on the remote node, which restricts radio configurations on that node. It is not necessary to set Managed Mode for Remote Admin to function.

Remote Admin Config Client Availability

Apple

Setting up Remote Admin Using the PKC Method

  1. Connect to the node that will be used to administer the remote node.
  2. Go to Settings > App Settings on this node and enable Administration.
  3. Navigate to Settings > Radio Configuration > Security to find its public key.
  4. Copy the public key to use for configuring the remote node.
  5. Connect to the remote node.
  6. In Settings > Radio Configuration > Security, add the public key of the local node as an Admin Key.
  7. Up to 3 Admin Keys may be supplied, allowing up to 3 controlling nodes.
  8. On the remote node, go to Settings > App Settings and enable Administration.

Setting up Remote Admin using the Legacy method

An Admin channel is set up by entering a secondary channel with the name admin using the method described in Channels

Legacy admin is enabled using the Legacy Admin channel option in Security Config.

Carrying out Remote Admin tasks

  1. Open the Meshtastic App and connect to the local node you’re using to administer the remote node.
  2. Go to Settings.
  3. Select the node you want to manage under Settings > Configure Node.
  4. Suported Radio and Module settings for the remote node will be accessible from the Settings screen.
  5. When finished administering the remote node, select your own node again in Settings > Configure Node.