I want to connect via SSH from the laptop to the mikrotik router on the same network. I can ping. Login is possible with Winbox, but SSH times out. It is enabled in the IP/SERVICE menu. I have no idea why I can't log in. Did I disable it with something? I am attaching a terminal command. I would be happy to receive advice and help.
THX!
Code: Select all
/interface bridge
add comment=defconf name=bridge
add name=wifi-bridge
/interface wireless
set [ find default-name=wlan1 ] name=wlan3 ssid=MikroTik
/interface ethernet
set [ find default-name=ether1 ] mac-address=C4:AD:34:E0:DB:FB
set [ find default-name=ether2 ] mac-address=C4:AD:34:E0:DB:FC
set [ find default-name=ether3 ] mac-address=C4:AD:34:E0:DB:FD
/interface pwr-line
set [ find default-name=pwr-line1 ] mac-address=C4:AD:34:E0:DC:1C
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=Controller ranges=10.99.99.10
add name=NGBS ranges=10.99.99.20
add name=WIFI ranges=10.99.99.30-10.99.99.40
/ip dhcp-server
add address-pool=NGBS disabled=no interface=bridge name=defconf
add address-pool=WIFI disabled=no interface=wifi-bridge name=Wifi
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
sword,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=pwr-line1
add bridge=bridge comment=defconf interface=*5
add bridge=wifi-bridge interface=*7
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=10.99.99.1/24 comment=defconf interface=bridge network=10.99.99.0
add address=10.99.99.1/24 interface=wifi-bridge network=10.99.99.0
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
/ip dhcp-server network
add address=10.99.99.0/24 comment=defconf gateway=10.99.99.1
/ip dhcp-server vendor-class-id
add address-pool=Controller name=chameleon vid=\
dhcpcd-8.1.2:Linux-4.19.97-v7+:armv7l:BCM2835
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall filter
add action=accept chain=input comment="allow winbox from inet" dst-port=8291 \
protocol=tcp
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat comment="NGBS master - iCon" dst-port=502 \
in-interface=ether1 protocol=tcp to-addresses=10.99.99.20 to-ports=502
/system clock
set time-zone-name=Europe/Budapest
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
