elie/ssh-audit
1
0
Fork 0
mirror of https://github.com/jtesta/ssh-audit.git synced 2025-06-21 18:23:40 +02:00
Code Issues Packages Projects Releases Wiki Activity
Page: Mikrotik RouterOS
Pages
ArubaOS Switch (AOS S) 16.11 Dropbear 2022.83 Extreme Networks (Fabric Engine and Switch Engine) Fortinet FortiOS FreeBSD OpenSSH Hardening Guide ‐ FreeBSD Blog FreeBSD Home Mikrotik RouterOS OPNsense 20.7 and newer Proxmox VE 7.3 6 SSH Hardening Guides Index Synology DSM Ubuntu 22.04 LTS Client Linux Mint 21 Client Void Linux Windows 11 macOS 13 (Ventura) & 14 (Sonoma)
Clone
7
Mikrotik RouterOS
Mathieu Simon edited this page 2024-07-29 18:51:13 +02:00
Table of Contents

RouterOS (sometimes shortened to ROS) is an embedded operating system used on various appliances from Mikrotik. Depending on the version of RouterOS, not all commands may be available, and if major differences are known, they are combined in a version-specific section.

SSH into an appliance or virtual machine running RouterOS, or in case of a physical device use a local serial connection in order to apply these options.

RouterOS >= 7.7

RouterOS 7.7 was the first release supporting ed25519 host keys.

/ip ssh set host-key-size=4096 host-key-type=ed25519 strong-crypto=yes
/ip/ssh/regenerate-host-key

References

What's new in 7.7 (2023-Jan-12 09:35): 

[...]

*) ssh - added support for Ed25519 key exchange;

RouterOS <= 7.6

/ip ssh set host-key-size=4096 strong-crypto=yes
/ip/ssh/regenerate-host-key

Limitations

In most versions of RouterOS the options available don't permit reaching a perfect score, here are some of the reasons:

  • Host-key algorithms: Not (yet) adjustable.
  • Key exchange algorithms: Offers only limited adjustability (strong-crypto=yes)
  • Message authentication codes: Not (yet) adjustable.

Additional information

Validated versions

RouterOS ssh-audit
7.11.2 master @ 02ab487232de438c0811116f2676cb1c9b5f3d62
7.3.1 master @ 02ab487232de438c0811116f2676cb1c9b5f3d62
6.49.10 master @ 02ab487232de438c0811116f2676cb1c9b5f3d62

footer2