How to enable secure access via SSH and HTTPS on Mikrotik

🔐 Securing remote access to your MikroTik router is essential to protect your network from unauthorized access and potential threats. While MikroTik offers various ways to manage your router (like Winbox and WebFig), you should enable SSH. Doing so will provide encrypted and secure channels for remote administration. Additionally, enable HTTPS for further protection. SSH is perfect for command-line access, while HTTPS encrypts web-based GUI management.

This guide will walk you through the steps to enable SSH and HTTPS access on your MikroTik router. It explains how to use both Winbox and the CLI.

⚙️ Steps to Enable SSH and HTTPS on MikroTik Router

🔍 Prerequisites

• MikroTik RouterOS (preferably updated to latest version)
• Admin access via Winbox or terminal
• Basic networking knowledge

🖥️ Enable SSH Access

Option A: Using Winbox

1. Open Winbox and log in to your router.
2. Go to IP → Services.
3. Find the SSH service in the list.
4. Make sure it’s enabled (check the checkbox).
5. (Optional but recommended) Change the default port from 22 to something higher (e.g., 2222) to reduce automated attack attempts.
6. Apply IP address restrictions by setting Available From to trusted IPs only (e.g., 192.168.88.0/24 or your public IP).

Click on SSH, it will pop up the tab to edit the port

Option B: Using CLI

/ip service enable ssh
/ip service set ssh port=2222 address=192.168.88.0/24

🌐 Enable HTTPS (Secure Web Access)

Option A: Using Winbox

1. Go to IP → Services.
2. Find www-ssl (this is the HTTPS service).
3. Make sure it’s enabled.
4. (Optional) Change the port from 443 to another secure port (e.g., 8443).
5. Restrict access using the Available From field.

Click on WWW-SSL, it will pop up the tab and you can change to new port

Note: If www-ssl is missing, your router may not have an SSL certificate installed. You can create a self-signed certificate:

1. Go to System → Certificates.
2. Click Add to generate a new certificate:
   • Name: myCert
   • Common Name: router.local or your domain/IP
3. Sign the certificate.
4. Set it as the SSL certificate under IP → Services → www-ssl.

Option B: Using CLI

/ip service enable www-ssl
/ip service set www-ssl port=8443 address=192.168.88.0/24

# Create and sign self-signed certificate if needed
/certificate add name=myCert common-name=router.local key-usage=key-cert, tls-server
/certificate sign myCert
/ip service set www-ssl certificate=myCert

🛡️ Best Practices

• Disable unused services like Telnet or FTP: /ip service disable telnet /ip service disable ftp
• Use strong passwords and consider using public key authentication for SSH.
• Limit access to known/trusted IP addresses using the Available From field.
• Regularly update RouterOS for security patches.

✅ Final Thoughts

Enabling SSH and HTTPS access on your MikroTik router ensures secure and encrypted communication. This is especially important when managing devices remotely. With these protocols in place and unnecessary services disabled, your network’s control plane becomes significantly more secure. Learn more about how to remotely access Mikrotik Router via SSH and HTTPS to test after you have been enabled.

🔗 Tip: If you’re upgrading your MikroTik router, consider secure remote access for multiple sites. Check out our recommended devices on our Amazon affiliate store. Your purchase supports our site at no extra cost to you!