🌑

Linhost.info

Home VM

Mikrotik RouterOS - Change SSH Default Port Number

From the RouterOS command line move to /ip service and issue the print command this will display port numbers for various services and which of those services are currently enabled. I will also cover how to disable the services if you wish, the output below is from a recent RouterOS install.

1
2
3
4
5
6
7
8
9
10
11
12
[admin@MikroTik] /ip service> print

Flags: X - disabled, I - invalid
 #   NAME                                PORT ADDRESS                                                                  CERTIFICATE
 0   telnet                                23
 1   ftp                                   21
 2   www                                   80
 3   ssh                                 22
 4 XI www-ssl                              443                                                                          none
 5   api                                 8728
 6   winbox                              8291
 7   api-ssl                             8729

From /ip service set the new SSH port number. Pick a number you like or you can use the following list https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers.

1
[admin@MikroTik] /ip service> set ssh port=2987

The change takes effectively immediately.

Disable a Service

Disabling a service is equally easy just type disable followed by the service name. It’s always a good idea to disable unused services. Below I’ve disable three different services.

1
[admin@MikroTik] /ip service> disable telnet
1
[admin@MikroTik] /ip service> disable ftp
1
[admin@MikroTik] /ip service> disable winbox

Issue the print command to verify the port change, note that certain services have a X in front of them indicating the service has been disabled.

1
2
3
4
5
6
7
8
9
10
11
12
[admin@MikroTik] /ip service> print

Flags: X - disabled, I - invalid
 #   NAME                  PORT ADDRESS                                                     CERTIFICATE
 0 XI telnet                  23
 1 XI ftp                     21
 2   www                     80
 3   ssh                   2484
 4 XI www-ssl                443                                                             none
 5   api                   8728
 6 XI winbox                8291
 7   api-ssl               8729                                                             none

— Apr 24, 2016