Mikrotik RouterOS - Change SSH Default Port Number
Created2016-04-24Updated2020-08-11
From the RouterOS command line move to /ip service and issue the print command this will display port numbers for various services and which of those services are currently enabled. I will also cover how to disable the services if you wish, the output below is from a recent RouterOS install.
1 2 3 4 5 6 7 8 9 10 11 12
[admin@MikroTik] /ip service> print
Flags: X - disabled, I - invalid # NAME PORT ADDRESS CERTIFICATE 0 telnet 23 1 ftp 21 2 www 80 3 ssh 22 4 XI www-ssl 443 none 5 api 8728 6 winbox 8291 7 api-ssl 8729
Disabling a service is equally easy just type disable followed by the service name. It’s always a good idea to disable unused services. Below I’ve disable three different services.
1
[admin@MikroTik] /ip service> disable telnet
1
[admin@MikroTik] /ip service> disable ftp
1
[admin@MikroTik] /ip service> disable winbox
Issue the print command to verify the port change, note that certain services have a X in front of them indicating the service has been disabled.
1 2 3 4 5 6 7 8 9 10 11 12
[admin@MikroTik] /ip service> print
Flags: X - disabled, I - invalid # NAME PORT ADDRESS CERTIFICATE 0 XI telnet 23 1 XI ftp 21 2 www 80 3 ssh 2484 4 XI www-ssl 443 none 5 api 8728 6 XI winbox 8291 7 api-ssl 8729 none