Manual:IP/SSH: Difference between revisions
m →Settings: strong-crypto |
→Settings: negerate import and export keys |
||
Line 16: | Line 16: | ||
|style="border-bottom:1px solid gray;" valign="top"|'''always-allow-password-login''' ''(no|yes default:no)'' | |style="border-bottom:1px solid gray;" valign="top"|'''always-allow-password-login''' ''(no|yes default:no)'' | ||
|style="border-bottom:1px solid gray;" valign="top"|controls ssh authentication methods, if set to yes, does not remove form allowed methods password_login | |style="border-bottom:1px solid gray;" valign="top"|controls ssh authentication methods, if set to yes, does not remove form allowed methods password_login | ||
|- | |||
|style="border-bottom:1px solid gray;" valign="top"|'''export-host-key''' '''' | |||
|style="border-bottom:1px solid gray;" valign="top"|exports router private key | |||
|- | |||
|style="border-bottom:1px solid gray;" valign="top"|'''import-host-key''' '''' | |||
|style="border-bottom:1px solid gray;" valign="top"|imports user provided private key and replaces current host key | |||
|- | |||
|style="border-bottom:1px solid gray;" valign="top"|'''regenerate-host-key''' '''' | |||
|style="border-bottom:1px solid gray;" valign="top"|generated new set of private keys on the router and replaces current ones in use | |||
|- | |- | ||
|style="border-bottom:1px solid gray;" valign="top"|'''strong-crypto''' ''(no|yes default:no)'' | |style="border-bottom:1px solid gray;" valign="top"|'''strong-crypto''' ''(no|yes default:no)'' |
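Review bot: in the three added rows, the cell after export-host-key, import-host-key and regenerate-host-key ends in an empty '''' marker, which is unbalanced wiki markup and renders as a stray apostrophe in the table; drop it or put the argument type there. The regenerate-host-key description should read "generates a new set of private keys", and because export-host-key writes out the router's private key, its row should say where the exported key ends up so readers know what has to be protected.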
Revision as of 15:50, 11 November 2015
Applies to RouterOS: v5
Summary
This menu controls SSH server behaviour regarding port forwarding and authentication methods.
Settings
Property | Description |
---|---|
forwarding-enabled (no|yes default:no) | controls SSH port forwarding |
always-allow-password-login (no|yes default:no) | controls SSH authentication methods; if set to yes, password_login is not removed from the allowed methods |
export-host-key | exports the router's private key |
import-host-key | imports a user-provided private key and replaces the current host key |
regenerate-host-key | generates a new set of private keys on the router and replaces the ones currently in use |
strong-crypto (no|yes default:no) | Introduces the following changes in SSH configuration:
|
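A small audit of these settings, added here as an example (not MikroTik code): it reads captured "property: value" lines and reports values worth reviewing, using only the defaults listed in the table above. The capture layout, the sample input and the function names are assumptions made for this example.

```python
# Defaults exactly as documented in the Settings table on this page.
DOCUMENTED_DEFAULTS = {
    "forwarding-enabled": "no",
    "always-allow-password-login": "no",
    "strong-crypto": "no",
}

# Values that deserve a second look, with the reason.
REVIEW_NOTES = {
    ("forwarding-enabled", "yes"): "SSH port forwarding is enabled",
    ("always-allow-password-login", "yes"): "password_login stays in the allowed methods",
    ("strong-crypto", "no"): "strong-crypto is left at its default of no",
}

def parse_settings(text):
    """Parse 'property: value' lines (assumed layout), ignoring blanks and comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        name, _, value = line.partition(":")
        settings[name.strip()] = value.strip()
    return settings

def audit(text):
    """Return (property, value, note) tuples for settings that need review."""
    settings = parse_settings(text)
    findings = []
    for name, default in DOCUMENTED_DEFAULTS.items():
        value = settings.get(name)
        if value is None:
            findings.append((name, "missing", f"not in capture; documented default is {default}"))
        elif value not in ("yes", "no"):
            findings.append((name, "invalid", f"unexpected value {value!r}"))
        elif (name, value) in REVIEW_NOTES:
            findings.append((name, value, REVIEW_NOTES[(name, value)]))
    # Forwarding plus password login: a password-authenticated session can open tunnels.
    if settings.get("forwarding-enabled") == "yes" and settings.get("always-allow-password-login") == "yes":
        findings.append(("combined", "yes", "tunnels can be opened from password-authenticated sessions"))
    return findings

# Constructed sample capture, not output copied from a real router.
SAMPLE = "  forwarding-enabled: yes\n  always-allow-password-login: yes\n  strong-crypto: no\n"

if __name__ == "__main__":
    for name, value, note in audit(SAMPLE):
        print(f"{name}={value}: {note}")
```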
Example
To use port forwarding from a Linux host with the OpenSSH client, the following command can be used:
ssh remoteuser@remotehost -L port:remotehost:remoteport
where:
- remoteuser - user of router
- remotehost - router address (if a host name is used in the -L setting, the router should be able to resolve this name)
- port - local port that your host will listen on
- remoteport - port on the router
If a user requires telnet access to the router, but you do not want it to be sent in plain text, the following can be done:
ssh admin@192.168.88.1 -L 3000:192.168.88.1:23
Now when the user runs "telnet localhost 3000", it will log in to the router using telnet over an encrypted TCP connection.
Note: we fully support SFTP v3 as described in draft-ietf-secsh-filexfer-02.txt; other versions can cause problems.