Community discussions

MUM Europe 2020
 
alex1
just joined
Topic Author
Posts: 22
Joined: Sun Jun 04, 2017 9:37 pm

How to disconnect active SSH or Winbox or TCP session

Fri Dec 29, 2017 3:19 am

Folks,

I've been trying to find a way to disconnect active SSH or Winbox/Dude session to a router. For example, I deployed a MikroTik router and by accident left admin password as default (which is no password), then I logged in to a device and realized there's unknown SSH connection (unauthorized of course). To fix it I would change the password and disconnect existing SSH connection(s), but how?

I couldn't find a command to kick SSH or Winbox/Dude user.

Then I tried to terminate a connection using "/ip firewall connection remove ..." command, but it won't do anything with established TCP session. In particular I tried the following:

/ip firewall connection remove [/ip firewall connection find]

OR to be more specific and disconnect only Winbox/Dude connections (TCP/8291):

/ip firewall connection { remove [find where protocol=tcp and dst-address~":8291"] }

Then I tried to disable Winbox service on a router, but it won't turn down the existing Winbox connection(s).

/ip service set winbox disabled=yes

Looks like I'm missing something. It has to be a way to turn down existing TCP connection by command without rebooting the whole device. Please help.
 
User avatar
16again
newbie
Posts: 48
Joined: Fri Dec 29, 2017 12:23 pm

Re: How to disconnect active SSH or Winbox or TCP session

Fri Dec 29, 2017 1:33 pm

Add black-hole /32 route for unauthorized source IP .
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1796
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: How to disconnect active SSH or Winbox or TCP session

Fri Dec 29, 2017 4:03 pm

Active sessions are visible under System/scripts/jobs. Terminate these job(s) which will terminate the sessions too.
 
User avatar
juliokato
Member Candidate
Member Candidate
Posts: 229
Joined: Mon Oct 26, 2015 4:27 pm
Location: Brazil

Re: How to disconnect active SSH or Winbox or TCP session

Fri Dec 29, 2017 7:18 pm

I apologize my grammatical errors, my english not so good, I am not a native speaker.
Wiki is maintained in English. I use Google translator. 8)
 
haik01
Member
Member
Posts: 406
Joined: Sat Mar 23, 2013 10:25 am
Location: Netherlands

Re: How to disconnect active SSH or Winbox or TCP session

Fri Dec 29, 2017 9:03 pm

Simple: Change password, reboot device.

After that, the "unauthorized user" cannot login anymore. But you can. Yes, it requires a reboot, but if you do a scheduler for example at 3 AM..... then no one will be bothered for the 3 minutes the RouterOS needs to restart. Or blame it to temporary ISP problems....
 
alex1
just joined
Topic Author
Posts: 22
Joined: Sun Jun 04, 2017 9:37 pm

Re: How to disconnect active SSH or Winbox or TCP session

Fri Dec 29, 2017 9:54 pm

Folks,

Thank you for sharing your thoughts.

Add black-hole /32 route for unauthorized source IP .

Well, as an ultimate solution that might work. Very good.

/ip route add dst-address=1.2.3.4 type=blackhole



Active sessions are visible under System/scripts/jobs. Terminate these job(s) which will terminate the sessions too.

That's awesome! For example, if you'd like to kick a user from the CLI you can do that by executing:

/system script job { remove [find where owner=johndoe] }

BUT the problem is that it works for SSH connections ONLY. Winbox and Dude connections will do NOT have associated jobs. Is there any other way/workaround?



Really? I just can't believe it. It has to be a way to kick out a user or terminate TCP session properly. As "16again" said, the workaround is to use "blackhole" route, but it's NOT the right way. Any other suggestions?

Thanks.
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1796
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: How to disconnect active SSH or Winbox or TCP session

Sat Dec 30, 2017 11:58 pm

variation on the blackhole -> firewall ip on input/output chain
 
emikrotik
Frequent Visitor
Frequent Visitor
Posts: 71
Joined: Fri Jun 19, 2015 9:30 am

Re: How to disconnect active SSH or Winbox or TCP session

Wed Jan 03, 2018 10:24 am

Not sure if this will work?

Add a filter rule to drop connections from the source IP Address then then go to firewall > connections and delete the connection?

Who is online

Users browsing this forum: No registered users and 92 guests