MikroTik

Posted: **Sat Aug 05, 2017 3:29 pm**

Hi all. I tried to search previous discussions but those are pointing to requests different from mine.

So after discovering ssh tunneling some years ago, I used it frequently for quick connections (I know that setting up a VPN would be better, but I want something quick and not permanent). Nevertheless sometimes I would like to connect to a remote computer from one or more system. Say, the target is T and I have the source S1 and S2 that want to connect to T, to a specific port, through a SSH tunnel.

What I figured is: If I make a ssh tunnel on the mikrotik, and expose the port, say, 3800, I can connect to this port from S1 and S2 so I connect directly to T . So my plan was to use something like:
ssh host -p port -L routerOsIpOnLan:port:targetIP:port
on the mikrotik but it seems that it is not possible to extablish forwardings from routerOS itself. Is that true?

Should I download some "advanced" package?

If it is true, I need to combine routeros with openwrt, to solve the need. If the need becomes permanent, then, I'll make a VPN.

Posted: **Sat Aug 12, 2017 10:59 pm**

I am not sure but I think that the ssh client packaged with routerOS is not yet able to support forwardings, can anyone confirm?

Posted: **Sat Aug 12, 2017 11:08 pm**

Hi,

I am not sure but I think that the ssh client packaged with routerOS is not yet able to support forwardings, can anyone confirm?

It is possible - it's just not enabled by default. The below command should enable it for you:

 /ip ssh set forwarding-enabled=yes

https://wiki.mikrotik.com/wiki/Manual:IP/SSH

Posted: **Sun Aug 13, 2017 11:00 am**

Thanks for the answer!

I tried but I get this:

[admin@MikroTik] > system ssh address=192.168.88.3 port=22 -L
/pckg/security/nova/bin/ssh: invalid option -- L
Logger: no runner while connecting to log
Logger: no runner while connecting to log
parsing arguments failed
Logger: no runner while connecting to log
Usage: ssh [arguments] [hostname] [command]
-h host
-l login
-p port
-i interface index
-b bind address
-T disable pseudo tty
-u current user
-o output to file, must be used without pseudo tty
-r connect to RoMON host
-t routing table

Welcome back!
[admin@MikroTik] > ip ssh print 
           forwarding-enabled: yes
  always-allow-password-login: no
                strong-crypto: no
                host-key-size: 2048

Likely the forwarding seems to work if from linux/putty I use the router as forwarder, but I initiate the connection from another machine. Instead I want to initiate the connection from the routerOS itself but the ssh client seems somewhat limited.

Maybe is it the version? I have routerOS 6.39 on the hAP mini.

Posted: **Wed Aug 16, 2017 11:44 am**

Instead I want to initiate the connection from the routerOS itself but the ssh client seems somewhat limited.

Ah yes my apologies. The instructions I gave were to allow establishing a tunnel through RouterOS. Not originating from it. Unfortunately I don't think that is possible.

MikroTik

ssh tunnel hosted on the routerboard.

ssh tunnel hosted on the routerboard.

Re: ssh tunnel hosted on the routerboard.

Re: ssh tunnel hosted on the routerboard.

Re: ssh tunnel hosted on the routerboard.

Re: ssh tunnel hosted on the routerboard.