...
The settings submenu controls the password complexity requirements for router users.
Property | Description |
---|---|
minimum-password-length (integer; 0..4294967295; Default: ) | Specifies the minimum character length of the user password |
minimum-categories (integer; 0..4; Default: ) | Specifies the complexity requirements of the password, with categories being uppercase, lowercase, digit, symbol. |
...
Property | Description |
---|---|
name (string; Default: ) | The name of the user group |
policy (local | telnet | ssh | ftp | reboot | read | write | policy | test | winbox | password | web | sniff | sensitive | api | romon | dude | tikapp; Default: none) | List of allowed policies: Login policies:
Config Policies:
|
skin (name; Default: default) | Used skin for WebFig |
Default groups
There are three default system groups that cannot be deleted:

```
[admin@MikroTik] > /user group print
 0 name="read" policy=local,telnet,ssh,reboot,read,test,winbox,password,web,sniff,sensitive,api,romon,tikapp,!ftp,!write,!policy,!dude skin=default
 1 name="write" policy=local,telnet,ssh,reboot,read,write,test,winbox,password,web,sniff,sensitive,api,romon,tikapp,!ftp,!policy,!dude skin=default
 2 name="full" policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,tikapp,!dude skin=default
```
Please note that even the "read" group includes sensitive, reboot, and other important policies, so it should not be given to untrusted users. For truly limited groups, create a custom group and define specific policies. All groups have access to file operations. An exclamation mark '!' immediately before a policy item name means NOT.
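The following audit sketch is an added example, not part of the MikroTik documentation. It parses `/user group print` output, honours the '!' negation, and reports which groups grant the two policies this page names as unsuitable for untrusted users; the "monitor" group in the sample and the contents of the watch list are assumptions of the example.

```python
import re

# Sample input: entries 0-2 are the default groups listed on this page;
# entry 3 ("monitor") is a constructed custom group for contrast.
SAMPLE = '''\
 0 name="read" policy=local,telnet,ssh,reboot,read,test,winbox,password,web,sniff,sensitive,api,romon,tikapp,!ftp,!write,!policy,!dude skin=default
 1 name="write" policy=local,telnet,ssh,reboot,read,write,test,winbox,password,web,sniff,sensitive,api,romon,tikapp,!ftp,!policy,!dude skin=default
 2 name="full" policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,tikapp,!dude skin=default
 3 name="monitor" policy=ssh,read,!local,!telnet,!ftp,!reboot,!write,!policy,!test,!winbox,!password,!web,!sniff,!sensitive,!api,!romon,!dude,!tikapp skin=default
'''

# Policies the page calls out by name. Which further policies to watch
# is a local decision (assumption of this example).
WATCHED = frozenset({"sensitive", "reboot"})

# One entry: name="..." followed by a comma-separated policy list.
ENTRY = re.compile(r'name="(?P<name>[^"]+)"\s+policy=(?P<policy>\S+)')


def parse_groups(text):
    """Return {group: (granted, denied)} from `/user group print` text."""
    groups = {}
    for match in ENTRY.finditer(text):
        granted, denied = set(), set()
        for item in match.group("policy").split(","):
            if not item:
                continue
            # A leading '!' means the policy is NOT granted.
            target = denied if item.startswith("!") else granted
            target.add(item.lstrip("!"))
        groups[match.group("name")] = (granted, denied)
    return groups


def audit(text, watched=WATCHED):
    """Return {group: sorted watched policies it grants}, omitting clean groups."""
    findings = {}
    for name, (granted, _denied) in parse_groups(text).items():
        hits = sorted(granted & set(watched))
        if hits:
            findings[name] = hits
    return findings


if __name__ == "__main__":
    for group, hits in audit(SAMPLE).items():
        print(f"{group}: grants {', '.join(hits)}")
```
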
Router Users
The router user database stores information about router management personnel, such as username, password, allowed access addresses, and group.
...
Property | Description |
---|---|
address (IP/mask | IPv6 prefix; Default: ) | Host or network address from which the user is allowed to log in |
group (string; Default: ) | Name of the group the user belongs to |
name (string; Default: ) | User name. Although it must start with an alphanumeric character, it may contain "*", "_", ".", and "@" symbols. |
password (string; Default: ) | User password. If not specified, it is left blank (hit [Enter] when logging in). It conforms to standard Unix characteristics of passwords and may contain letters, digits, "*" and "_" symbols. |
last-logged-in (time and date; Default: "") | Read-only field. Last time and date when a user logged in. |
...
Property | Description |
---|---|
accounting (yes | no; Default: yes) | |
exclude-groups (list of group names; Default: ) | Groups that must not be assigned to users authenticated by RADIUS. If the RADIUS server provides a group specified in this list, the default-group is used instead. |
default-group (string; Default: read) | User group used by default for users authenticated via a RADIUS server. |
interim-update (time; Default: 0s) | Interim-Update time interval |
use-radius (yes | no; Default: no) | Enable user authentication via RADIUS |
...
Warning |
---|
By default, a user is not allowed to log in via SSH by password if an SSH key for the user is added. For more details, see the SSH page. |
Public keys
This menu is used to import and list imported public keys. Public keys are used to approve another device's identity when logging into a router using an SSH key.
...
Info |
---|
RSA and Ed25519 keys are supported in PEM, PKCS#8, or OpenSSH format. |
Property | Description |
---|---|
user (string; Default: ) | username to which the SSH key is assigned. |
key-owner (string) | SSH key owner |
public-key-file (string) | file name in the router's root directory containing the public key. |
Private keys
This menu is used to import and list imported private keys. Private keys are used to approve the router's identity when logging in to another device using an SSH key.
...
Property | Description |
---|---|
user (string; Default: ) | username to which the SSH key is assigned. |
key-owner (string) | SSH key owner |
private-key-file (string) | file name in the router's root directory containing the private key. |
passphrase (string) | key file passphrase |
...