Manual:System/SSH client

From MikroTik Wiki

Overview

RouterOS provides an SSH client that supports SSHv2 logins to SSH servers reachable from the router.

Requirements

For this command to be available, the router has to have the system and security packages installed.

Available features

Simple log-in to remote host

The client can connect to a remote host and initiate an SSH session. The IP address can be either IPv4 or IPv6.

/system ssh 192.168.88.1
/system ssh 2001:db8:add:1337::beef


In this case the user name provided to the remote host is the one that has logged into the router. If another value is required, then user=<username> has to be used.

/system ssh 192.168.88.1 user=lala
/system ssh 2001:db8:add:1337::beef user=lala

Log-in from certain IP address of the router

For testing or security reasons it may be required to log in to another host using a certain source address for the connection. In this case the src-address=<ip address> argument has to be used. Note that the IP address in this case can be either IPv4 or IPv6.


/system ssh 192.168.88.1 src-address=192.168.89.2
/system ssh 2001:db8:add:1337::beef src-address=2001:db8:bad:1000::2

In this case, the SSH client will try to bind to the specified address and then initiate the SSH connection to the remote host.

Log-in using certificate

For this to work, the user has to set up the public key on the remote end that ssh will connect to. How to do that on RouterOS you can read here. On the local router, the public and private keys have to be uploaded and then imported under /user ssh-keys private, specifying the private key and the user name that will be able to use this key.

Warning: A user with full rights on the router can change the 'user' attribute value under /user ssh-keys private



Here a private key is created for use by user lala:

/user ssh-keys private import private-key-file=id_dsa public-key-file=id_dsa.pub user=lala

Executing remote commands

To execute a remote command, it has to be supplied at the end of the log-in line:

/system ssh 192.168.88.1 "/ip address print"
/system ssh 192.168.88.1 command="/ip address print"
/system ssh 2001:db8:add:1337::beef "/ip address print"
/system ssh 2001:db8:add:1337::beef command="/ip address print"


Warning: If the server does not support pseudo-tty (ssh -T or ssh host command), like the MikroTik SSH server, then it is not possible to send multiline commands via SSH


For example, sending the command "/ip address \n add address=1.1.1.1/24" to a MikroTik router will fail.
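One way to work within this limit, as an added example that is not part of the MikroTik manual or RouterOS: a workstation-side Python helper that flattens export-style multiline text into self-contained one-line commands and wraps each in the command="..." form shown above. The function names, the verb list, the constructed sample and the rule that a "/" line without a known verb only changes the menu are assumptions of this example.

```python
# Added example, not MikroTik code. VERBS is an assumed subset of RouterOS verbs.
VERBS = {"add", "set", "remove", "enable", "disable", "print", "export"}

def flatten(script):
    """Turn export-style RouterOS text into self-contained one-line commands."""
    logical, buf = [], ""
    for raw in script.splitlines():
        line = raw.strip()
        if line.endswith("\\"):           # continuation: drop "\" and join as-is
            buf += line[:-1]
            continue
        logical.append(buf + line)
        buf = ""
    if buf:
        logical.append(buf)

    menu, out = "", []
    for line in logical:
        if not line or line.startswith("#"):
            continue                       # blank line or comment
        if line.startswith("/"):
            if VERBS.isdisjoint(line.split()):
                menu = line                # menu change only, e.g. "/ip address"
            else:
                out.append(line)           # already a full one-line command
        elif menu:
            out.append(menu + " " + line)  # prefix relative command with its menu
        else:
            raise ValueError("relative command before any menu path: " + line)
    return out

def ssh_lines(host, script):
    """Wrap each flattened command in the command="..." form used on this page."""
    result = []
    for cmd in flatten(script):
        for ch in ("\\", '"', "$"):        # escape for a RouterOS quoted string
            cmd = cmd.replace(ch, "\\" + ch)
        result.append('/system ssh %s command="%s"' % (host, cmd))
    return result

# Constructed sample input (only the first two lines come from the page).
SAMPLE = r'''/ip address
add address=1.1.1.1/24
/ip firewall filter
add chain=input comment=\
    "allow mgmt" action=accept
/ip address print
'''

if __name__ == "__main__":
    print("\n".join(ssh_lines("192.168.88.1", SAMPLE)))
```

Each resulting line is sent as its own SSH invocation, so no command depends on menu state left behind by a previous one.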

