Difference between revisions of "Manual:IP/SSH"
|Line 42:||Line 42:|
|desc=What RSA key size to use when host key is being
|desc=What RSA key size to use when host key is being regenerated.
Revision as of 11:08, 9 April 2019
This menu controls SSH server behaviour regarding port forwarding and authentication methods.
|allow-none-crypto (yes | no; Default: yes)||Whether to allow connection if cryptographic algorithms are set to none.|
|always-allow-password-login (yes | no; Default: no)||Whether to allow password login at the same time when public key authorization is configured.|
|forwarding-enabled (both | local | no | remote; Default: remote)||Controls which SSH forwarding methods are allowed:
|host-key-size (1024 | 1536 | 2048 | 4096 | 8192; Default: 2048)||What RSA key size to use when host key is being regenerated.|
|strong-crypto (yes | no; Default: no)||Use stronger encryption, HMAC algorithms, use bigger DH primes and disallow weaker ones:
|export-host-key (key-file-prefix)||Export public and private RSA/DSA keys to files. Command takes one parameter:
|import-host-key (private-key-file)||Import and replace private DSA/RSA key from specified file. Command takes one parameter:
|regenerate-host-key ()||Generate a new set of private keys (DSA, RSA) and replace the current set on the router. Be aware that previously imported keys might stop working.|
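An added example (not part of the MikroTik manual): a Python check that reads SSH server settings, either as `property: value` lines or as `property=value` tokens from a `set` command, and flags properties from the table above that miss a hardening baseline. The baseline, the `CHECKS` table and the sample text are assumptions of this example; a property missing from the input is judged at the default listed on this page.

```python
import re

# property: (default listed on this page, check that returns True when acceptable).
# The checks are this example's assumed hardening baseline, not vendor guidance.
CHECKS = {
    "allow-none-crypto": ("yes", lambda v: v == "no"),
    "always-allow-password-login": ("no", lambda v: v == "no"),
    "forwarding-enabled": ("remote", lambda v: v == "no"),
    "strong-crypto": ("no", lambda v: v == "yes"),
    "host-key-size": ("2048", lambda v: v.isdigit() and int(v) >= 2048),
}

# Constructed sample in "property: value" form; strong-crypto is left out on purpose.
SAMPLE_PRINT = """\
           forwarding-enabled: both
  always-allow-password-login: no
            allow-none-crypto: yes
                host-key-size: 1024
"""

def parse_settings(text):
    """Collect known properties from 'key: value' lines or 'key=value' tokens."""
    found = {}
    for key, value in re.findall(r"([a-z][a-z-]*)[ \t]*[:=][ \t]*(\S+)", text):
        if key in CHECKS:
            found[key] = value.lower()
    return found

def audit(text):
    """Return sorted (property, value, origin) tuples that miss the baseline."""
    settings = parse_settings(text)
    findings = []
    for key, (default, acceptable) in CHECKS.items():
        # A property missing from the input is judged at the default from this page.
        origin = "configured" if key in settings else "page default"
        value = settings.get(key, default)
        if not acceptable(value):
            findings.append((key, value, origin))
    return sorted(findings)

if __name__ == "__main__":
    for key, value, origin in audit(SAMPLE_PRINT):
        print(f"FAIL {key}={value} ({origin})")
```

If forwarding is required for the tunnels described further down this page, relax the `forwarding-enabled` check to the single mode in use rather than dropping it.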
To use remote forwarding from a Linux host with the OpenSSH client, type the following command:
ssh remoteuser@remotehost -L port:remotehost:remoteport
- remoteuser - username on the router
- remotehost - router's address (the router should be able to resolve the host name if the address is not an IP address)
- port - local port that your host will listen on
- remoteport - port on the router
If a user requires telnet access to the router, but you do not want it to go over plain text, the following can be done:
ssh firstname.lastname@example.org -L 3000:192.168.88.1:23
Now when the user runs "telnet localhost 3000", it will log in to the router using telnet over an encrypted TCP connection.
ssh -N -D <local_port> -l <user> <remote_address>
- local_port - local port that your host will listen on
- user - username on the router
- remote_address - router's address
ssh -N -v -D 9999 -l admin 192.168.88.1
Now you can use local port 9999 to fetch files:
curl -x socks5h://localhost:9999 https://download.mikrotik.com/routeros/winbox/3.18/winbox.exe