Hi,
I have script that should run command on remote mikrotik. I made keys and tested it. It works. But problem is to put it in script.
This script named “disable_ether5” looks like this:
/system ssh 172.19.3.12 "/interface ethernet disable ether5"
If I run it in terminal like this:
/system script run disable_ether5
it works, but if I press “Run Script” button in winbox it does not work.
Main problem is that it also does not work in Netwach.
I had this problem a while back using v5.7: http://forum.mikrotik.com/t/ssh-between-routers-works-in-terminal-but-not-in-script/56818/1 never found an answer… but I have not tried it again on more recent versions.
MikroTik says Netwatch won’t work with private keys: http://forum.mikrotik.com/t/problem-with-ssh-client-user-option-not-working/60288/1
Thank you. They should make it possible to give owner of netwach.
I have used the following work around in several other scripts, it may work for you as well (even to answer the netwatch issue).
Create the desired script as a scheduler event (in this example it will be named “netwatchsch1”.
In your netwatch action, update the scheduled start-time to 1 second in the future using the following:
/system scheduler set [find name=netwatchsch1] set start-time=([/sys clock get time] + 0:0:1)
This will allow a Netwatch action to execute under the user that created the scheduled event and thus, should overcome the certificate issues. Remember that the certificates of the scheduled event owner will be used and the scheduled event owner is the user that created the event in the first place.
When I read your message it all sounded logic, and I thought “This is it!”, but it does not work.
I did not even used Netwach. I only made Scheduler that is trigering every two seconds, but nothing hapends. Trigering script from terminal still works.
I only have one user on both routers (admin), so owner of keys, scripts and scheduler is same.
PS.
I have deleted keys on both routers, but sending commands from terminal still worked. I was frustrated, then I noticed that if username and password are same on both routers, keys are not needed. I changed password, and used keys for further testing.
I have used v5.24 on RB450 on both routers. I have also tested this on clean mikrotiks in VMware.
Thank you
everything that looks suspiciously interactive, like ssh login or telnet login will not work if ran from scheduler or script.
I have a similar issue, running RoS 5.24. I have set up the user admin-ssh on both routers, given them FULL rights (for now), and loaded the Public Key on the Host and Private & Public Keys on the client.
The script owner is admin-ssh
If I execute the script from a New Terminal in Winbox (logged into Winbox as admin-ssh on the client router) and do “/system script run scriptname” it works with no interaction.
If I try and run the same script in the same Winbox session (logged in as admin-ssh) by selecting it from the script list and select Run Script it starts and logs the first info message but gets no further. Anything from the SSH command onwards is not executed.
No sign of a connection attempt on the host router in the ssh debug log either.
Here is the script:-
/log info “Running SSH test”
/system ssh x.x.x.x user=admin-ssh “/log error "Here I am"”;
/log error “SSH Communicated to x.x.x.x”;
it is not possible to execute interactive commands from other scripts via script.
If you open terminal it is OK
if that is done via script = nothing happens.
Still no progress on the problem? 6.6 is already out today… Oh when we routeros users will be happy to have remote ssh commands called from scripts working?.. 
This is lame… I want to make a script that change somethings on 20 AP’s via ssh, but hmmmm nooo …I cant! …because Mikrotik doesn’t want me to be lazy, and Mikrotik wants me to login into each router and change stuff. I don’t get the point of not allowing it, I like my stuff to be automated, I like my scripts to run then I’m drinking or sleeping or out, if a problem gets detected I want a script to run, can’t here… Mikrotik 
/system ssh 1.2.3.4 user=admin "/log print “hello”;
It asked me for a password, I want to put my password into my scripts, and btw, it takes a password to log into my routers, but I want my routers to give each other commands when triggered
Well you get around the requirement for interaction and passwords by using ssh keys, however that doesn’t help when you run the script from the scheduler
Here’s my script:
add name=remotebackup policy=read,write,test source=“/log info "start backup"; /log info "Get R1"; /system ssh 1.2.3.4 user=backup "export compact" output-to-file=autobackup_R1 ; /log info "end backup"”
When you run /system script run 0
(R0) 08:59:46 script,info start backup
(R0) 08:59:46 script,info Get R1
(R1) 08:59:46 ssh,info publickey accepted for user: backup
(R1) 08:59:46 system,info,account user backup logged in from 1.2.3.4 via ssh
(R1) 08:59:47 system,info,account user backup logged out from 1.2.3.4 via ssh
(R0) 08:59:47 script,info end backup
However when the scheduler runs
09:01:21 script,info start backup
09:01:21 script,info Get R1
And that’s it, when the scheduler runs the script it doesn’t even attempt to log in – no traffic on the wire.
Hi,
i have the same Problem.
http://forum.mikrotik.com/t/works-at-terminal-put-not-inside-of-my-skript-mt-v6-7/72965/5
mfg
Klaus
I think you need to escape the special characters in the string
Sent from my SCH-I545 using Tapatalk
hello
I have the same problem
It’s frustrating !!! 
Did this ever get resolved? I am having a similar issue and was hoping to find an answer.
Two years and a half! the issue still there and no solution from mikrotik.
that’s really cool!
here is my scenario. I have router and the NAS. script saves config then logs in to NAS and run auto-fetching ftp command to get backup config file
/log info message="Backup run";
/system backup save name=backup/auto.backup;
/log info message="pre SSH";
/system ssh user=<user> address=<host> command="ftp ftp://<backup_user>:<pass>@router/%2Fbackup%2Fauto.backup -o /<path to backup>/auto-`date +%F`.backup"
/log info message="post SSH";
script works from terminal, but doesn’t by click the RunScript button in webfig nither by Scheduler event - it fails after pre SSH message
the only way I see - run my script by ssh login from NAS via crond 
Guys! any solution? I need this option bady to sync two VRRP MT. This is stupid issue. why SSH not allowed to run over script?
Guys! any solution? I need this option bady to sync two VRRP MT. This is stupid issue. why SSH not allowed to run over script?
You not feel the Power of ssh-script-running, don’t You? It’s too dangerous
Ok. Why 3-d host cron task is not the solution for You? It really works for me very well.