mirror of
https://github.com/jtesta/ssh-audit.git
synced 2025-02-23 01:45:51 +01:00
Page:
Mikrotik RouterOS
Pages
ArubaOS Switch (AOS S) 16.11
Dropbear 2022.83
Fortinet FortiOS
FreeBSD OpenSSH Hardening Guide ‐ FreeBSD Blog
FreeBSD
Home
Mikrotik RouterOS
OPNsense 20.7 and newer
Proxmox VE 7.3 6
SSH Hardening Guides Index
Synology DSM
Ubuntu 22.04 LTS Client Linux Mint 21 Client
Void Linux
Windows 11
macOS 13 (Ventura) & 14 (Sonoma)
Clone
7
Mikrotik RouterOS
Mathieu Simon edited this page 2024-07-29 18:51:13 +02:00
Table of Contents
RouterOS (sometimes shortened to ROS) is an embedded operating system used on various appliances from Mikrotik. Depending on the version of RouterOS, not all commands may be available, and if major differences are known, they are combined in a version-specific section.
SSH into an appliance or virtual machine running RouterOS, or in case of a physical device use a local serial connection in order to apply these options.
RouterOS >= 7.7
RouterOS 7.7 was the first release supporting ed25519 host keys.
/ip ssh set host-key-size=4096 host-key-type=ed25519 strong-crypto=yes
/ip/ssh/regenerate-host-key
References
What's new in 7.7 (2023-Jan-12 09:35):
[...]
*) ssh - added support for Ed25519 key exchange;
RouterOS <= 7.6
/ip ssh set host-key-size=4096 strong-crypto=yes
/ip/ssh/regenerate-host-key
Limitations
In most versions of RouterOS the options available don't permit reaching a perfect score, here are some of the reasons:
- Host-key algorithms: Not (yet) adjustable.
- Key exchange algorithms: Offers only limited adjustability (
strong-crypto=yes) - Message authentication codes: Not (yet) adjustable.
Additional information
Validated versions
| RouterOS | ssh-audit |
|---|---|
| 7.11.2 | master @ 02ab487232de438c0811116f2676cb1c9b5f3d62 |
| 7.3.1 | master @ 02ab487232de438c0811116f2676cb1c9b5f3d62 |
| 6.49.10 | master @ 02ab487232de438c0811116f2676cb1c9b5f3d62 |
footer2