Инструменты пользователя

Инструменты сайта


faq:mikrotik:ssh

SSH server

Allow connecting from WAN

  • Set password for admin
  • Create separate user for SSH connection, kasatkin for example
  • Enable SSH service (enabled by default)
  • Set allow from 0.0.0.0/0
  • Allow SSH traffic through firewall:
/ip firewall filter add action=accept chain=input disabled=no dst-port=22 protocol=tcp place-before=0

Public keys

  • Use RSA key
  • Enable FTP service from 0.0.0.0/0
  • Allow FTP through firewall
  • Upload id_rsa.pub key via FTP client in passive mode
  • Assign public key to user:
/user ssh-keys import public-key-file=id_rsa.pub
user: kasatkin
  • Disable FTP, if needed
  • Allow password login if needed: 1)
/ip ssh set always-allow-password-login=yes

SSH forwarding

To allow forwarding of TCP ports via SSH connection (on both local and remote side): 2)

/ip ssh set forwarding-enabled=both
faq/mikrotik/ssh.txt · Последнее изменение: 2022-02-19 18:16 — 127.0.0.1