System information
Manual:System/SSH client
50
Executing remote commands
To execute remote command it has to be supplied at the end of log-in line
/system ssh 192.168.88.1 "/ip address print"
/system ssh 192.168.88.1 command="/ip address print"
/system ssh 2001:db8:add:1337::beef "/ip address print"
/system ssh 2001:db8:add:1337::beef command="/ip address print"
Warning: If server does not support pseudo-tty (ssh -T or ssh host command), like mikrotik ssh server, then
it is not possible to send multiline commands via SSH
For example, sending command "/ip address \n add address=1.1.1.1/24" to
Mikrotik router will fail.
[ Top | Back to Content ]
Manual:IP/SSH
Applies to RouterOS: v5
Summary
This menu controls if ssh server behaviour regarding port forward and authentication methods.
Settings
Property Desciption
forwarding-enabled (no|yes default:no) controls ssh port forwarding
always-allow-password-login (no|yes
default:no)
controls ssh authentication methods, if set to yes, does not remove form allowed methods
password_login
Example
To use this feature from Linux host using OpenSSH client this command can be used:
ssh reamoteuser@remotehost -L port:remotehost:remoteport
where:
•• remoteuser - user of router
•• remotehost - router address (if host name is used in -L settings, router should be able to resolve this name)
•• port - local port that your host will listen on
•• remoteport - port on the router
If user requires telnet to router, but you do not want to allow it to be plain text, Following can be done:
ssh admin@192.168.88.1 -L 3000:192.168.88.1:23
