Folks,

I've been trying to find a way to disconnect active SSH or Winbox/Dude session to a router. For example, I deployed a MikroTik router and by accident left admin password as default (which is no password), then I logged in to a device and realized there's unknown SSH connection (unauthorized of course). To fix it I would change the password and disconnect existing SSH connection(s), but how?

I couldn't find a command to kick SSH or Winbox/Dude user.

Then I tried to terminate a connection using "/ip firewall connection remove ..." command, but it won't do anything with established TCP session. In particular I tried the following:


OR to be more specific and disconnect only Winbox/Dude connections (TCP/8291):


Then I tried to disable Winbox service on a router, but it won't turn down the existing Winbox connection(s).


Looks like I'm missing something. It has to be a way to turn down existing TCP connection by command without rebooting the whole device. Please help.

Add black-hole /32 route for unauthorized source IP .

Active sessions are visible under System/scripts/jobs. Terminate these job(s) which will terminate the sessions too.

Look this:
viewtopic.php?f=1&t=45934&p=594406&hilit=active#p594533

http://demo.mt.lv/webfig/#System:Users.Active_Users

Apparently there is no way, only with reboot.

Simple: Change password, reboot device.

After that, the "unauthorized user" cannot login anymore. But you can. Yes, it requires a reboot, but if you do a scheduler for example at 3 AM..... then no one will be bothered for the 3 minutes the RouterOS needs to restart. Or blame it to temporary ISP problems....

Folks,

Thank you for sharing your thoughts.

Add black-hole /32 route for unauthorized source IP .

Well, as an ultimate solution that might work. Very good.

Active sessions are visible under System/scripts/jobs. Terminate these job(s) which will terminate the sessions too.

That's awesome! For example, if you'd like to kick a user from the CLI you can do that by executing:


BUT the problem is that it works for SSH connections ONLY. Winbox and Dude connections will do NOT have associated jobs. Is there any other way/workaround?



Really? I just can't believe it. It has to be a way to kick out a user or terminate TCP session properly. As "16again" said, the workaround is to use "blackhole" route, but it's NOT the right way. Any other suggestions?

Thanks.

variation on the blackhole -> firewall ip on input/output chain

Not sure if this will work?

Add a filter rule to drop connections from the source IP Address then then go to firewall > connections and delete the connection?

I know it's a little be late, here is the resolution :
new terminal -> User -> Active -> Request-logout Numbers=*
where * is the session number
you can find session number by using Print cmd in User Directory.
Best

The solution is.
a. netinsall the current router, its config can no longer be trusted.
b. use a checklist for deployments and get out of the bad habit of editing router without first changing password etc.............