Difference between revisions of "Manual:IP/SSH"

From MikroTik Wiki
Jump to: navigation, search
(Summary)
m
Line 1: Line 1:
 
{{Versions|v5}}
 
{{Versions|v5}}
 
  
 
==Summary==
 
==Summary==
  
 
This menu controls if ssh port forwarding is/is not allowed on the router. Enabling this feature remote hosts are able to create ssl encrypted connection from remote host to router port.
 
This menu controls if ssh port forwarding is/is not allowed on the router. Enabling this feature remote hosts are able to create ssl encrypted connection from remote host to router port.
 
{{Note|we fully support SFTP v3 as described in [http://tools.ietf.org/wg/secsh/draft-ietf-secsh-filexfer/draft-ietf-secsh-filexfer-02.txt draft-ietf-secsh-filexfer-02.txt] other versions can cause problems}}
 
  
 
==Settings==
 
==Settings==
Line 32: Line 29:
  
 
now when user uses ''telnet localhost 3000" it will log in the router using telnet over encrypted tcp connection.
 
now when user uses ''telnet localhost 3000" it will log in the router using telnet over encrypted tcp connection.
 +
 +
{{Note|we fully support SFTP v3 as described in [http://tools.ietf.org/wg/secsh/draft-ietf-secsh-filexfer/draft-ietf-secsh-filexfer-02.txt draft-ietf-secsh-filexfer-02.txt] other versions can cause problems}}
  
 
[[Category:Manual|T]] [[Category:IP|T]] [[Category:Console|S]]
 
[[Category:Manual|T]] [[Category:IP|T]] [[Category:Console|S]]

Revision as of 09:53, 6 August 2012

Version.png

Applies to RouterOS: v5

Summary

This menu controls if ssh port forwarding is/is not allowed on the router. Enabling this feature remote hosts are able to create ssl encrypted connection from remote host to router port.

Settings

Property Desciption
forwarding-enabled (no|yes default:no) controls ssh port forwarding

Example

To use this feature from Linux host using OpenSSH client this command can be used:

 ssh reamoteuser@remotehost -L port:remotehost:remoteport

where:

  • remoteuser - user of router
  • remotehost - router address (if host name is used in -L settings, router should be able to resolve this name)
  • port - local port that your host will listen on
  • remoteport - port on the router

If user requires telnet to router, but you do not want to allow it to be plain text, Following can be done:

ssh admin@192.168.88.1 -L 3000:192.168.88.1:23

now when user uses telnet localhost 3000" it will log in the router using telnet over encrypted tcp connection.

Icon-note.png

Note: we fully support SFTP v3 as described in draft-ietf-secsh-filexfer-02.txt other versions can cause problems