Hi, im securing my new router this morning, but when i disable MAC-servers i loose the access via winbox.
I try the ssh login to undo changes but cannot reach my router.
Telnet is disabled.
Ssh verbose mode:
C:\Users>ssh -vvvl XXXXXXX 192.168.100.1
OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5
debug3: Failed to open file:C:/Users//.ssh/config error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_config error:2
debug2: resolve_canonicalize: hostname 192.168.100.1 is address
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 192.168.100.1 [192.168.100.1] port 22.
debug3: finish_connect - ERROR: async io completed with error: 10060, io:0000019146A6BA60
debug1: connect to address 192.168.100.1 port 22: Connection timed out
ssh: connect to host 192.168.100.1 port 22: Connection timed out
Means of management access are all configurable on ROS. So it is possible to disable ssh access (in /ip services) and it’s likely you did it before you dissbled MAC access. Or you actually strenghtened IP firewall a tad too much.
It is fine to be paranoid, but you also have to understand what actions actually do. And using safe mode is very smart thing to do.
Hi, mkx thanks for your answer, im sure ssh and winbox services are enabled.
Maybe some firewall configuration?, any option to enter router without reset configuration?
Probably no, MAC services are usually used as last resort to get in. Well, there’s possibility of using some kind of serial console (on devices supporting it) or woobm (on devices with USB port).
BTW, personally I don’t see any point in disabling MAC services entirely. For paranoid minds it is possible to create a management VLAN with a small number of dedicated access ports strategically distributed around network … and constrain MAC services to that VLAN.