Mikrotik RouterOS - Change SSH Default Port Number

From the RouterOS command line move to /ip service and issue the print command this will display port numbers for various services and which of those services are currently enabled. I will also cover how to disable the services if you wish, the output below is from a recent RouterOS install.

1
2
3
4
5
6
7
8
9
10
11
12
[admin@MikroTik] /ip service> print

Flags: X - disabled, I - invalid
# NAME PORT ADDRESS CERTIFICATE
0 telnet 23
1 ftp 21
2 www 80
3 ssh 22
4 XI www-ssl 443 none
5 api 8728
6 winbox 8291
7 api-ssl 8729

From /ip service set the new SSH port number. Pick a number you like or you can use the following list https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers.

1
[admin@MikroTik] /ip service> set ssh port=2987

The change takes effectively immediately.

Disable a Service

Disabling a service is equally easy just type disable followed by the service name. It’s always a good idea to disable unused services. Below I’ve disable three different services.

1
[admin@MikroTik] /ip service> disable telnet
1
[admin@MikroTik] /ip service> disable ftp
1
[admin@MikroTik] /ip service> disable winbox

Issue the print command to verify the port change, note that certain services have a X in front of them indicating the service has been disabled.

1
2
3
4
5
6
7
8
9
10
11
12
[admin@MikroTik] /ip service> print

Flags: X - disabled, I - invalid
# NAME PORT ADDRESS CERTIFICATE
0 XI telnet 23
1 XI ftp 21
2 www 80
3 ssh 2484
4 XI www-ssl 443 none
5 api 8728
6 XI winbox 8291
7 api-ssl 8729 none