faq:mikrotik:ssh
SSH server
Allow connecting from WAN
- Set password for admin
- Create separate user for SSH connection, kasatkin for example
- Enable SSH service (enabled by default)
- Set allow from 0.0.0.0/0
- Allow SSH traffic through firewall:
/ip firewall filter add action=accept chain=input disabled=no dst-port=22 protocol=tcp place-before=0
Public keys
- Use RSA key
- Enable FTP service from 0.0.0.0/0
- Allow FTP through firewall
- Upload id_rsa.pub key via FTP client in passive mode
- Assign public key to user:
/user ssh-keys import public-key-file=id_rsa.pub
user: kasatkin
- Disable FTP, if needed
- Allow password login if needed: 1)
/ip ssh set always-allow-password-login=yes
SSH forwarding
To allow forwarding of TCP ports via SSH connection (on both local and remote side): 2)
/ip ssh set forwarding-enabled=both
faq/mikrotik/ssh.txt · Последнее изменение: 2022-02-19 18:16 — 127.0.0.1