I’ve been trying to find a way to disconnect an active SSH or Winbox/Dude session to a router. For example, I deployed a MikroTik router and by accident left the admin password as default (which is no password), then I logged in to the device and realized there’s an unknown SSH connection (unauthorized of course). To fix it I would change the password and disconnect the existing SSH connection(s), but how?
I couldn’t find a command to kick SSH or Winbox/Dude user.
Then I tried to terminate a connection using the “/ip firewall connection remove …” command, but it won’t do anything with an established TCP session. In particular I tried the following:
After that, the “unauthorized user” cannot log in anymore. But you can. Yes, it requires a reboot, but if you do a scheduler for example at 3 AM… then no one will be bothered for the 3 minutes the RouterOS needs to restart. Or blame it on temporary ISP problems…
Well, as an ultimate solution that might work. Very good.
/ip route add dst-address=1.2.3.4 type=blackhole
That’s awesome! For example, if you’d like to kick a user from the CLI you can do that by executing:
/system script job { remove [find where owner=johndoe] }
BUT the problem is that it works for SSH connections ONLY. Winbox and Dude connections do NOT have associated jobs. Is there any other way/workaround?
Really? I just can’t believe it. There has to be a way to kick out a user or terminate a TCP session properly. As “16again” said, the workaround is to use a “blackhole” route, but it’s NOT the right way. Any other suggestions?
I know it’s a little bit late; here is the resolution:
new terminal → User → Active → Request-logout Numbers=*
where * is the session number.
You can find the session number by using the Print cmd in User Directory.
Best
The solution is:
a. netinstall the current router; its config can no longer be trusted.
b. use a checklist for deployments and get out of the bad habit of editing a router without first changing the password etc…