From MikroTik Wiki
< Manual:IP
Revision as of 08:15, 19 September 2011 by Janisk (talk | contribs) (Summary: draft-ietf-secsh-filexfer-02.txt)
Jump to: navigation, search


This menu controls if ssh port forwarding is/is not allowed on the router. Enabling this feature remote hosts are able to create ssl encrypted connection from remote host to router port.


Note: This feature is available starting 5.0rc1


Note: we fully support SFTP v3 as described in draft-ietf-secsh-filexfer-02.txt other versions can cause problems


Property Desciption
forwarding-enabled (no|yes default:no) controls ssh port forwarding


To use this feature from Linux host using OpenSSH client this command can be used:

 ssh reamoteuser@remotehost -L port:remotehost:remoteport


  • remoteuser - user of router
  • remotehost - router address (if host name is used in -L settings, router should be able to resolve this name)
  • port - local port that your host will listen on
  • remoteport - port on the router

If user requires telnet to router, but you do not want to allow it to be plain text, Following can be done:

ssh admin@ -L 3000:

now when user uses telnet localhost 3000" it will log in the router using telnet over encrypted tcp connection.