As with RouterOS 6.30rc13, the current beta release 6.30rc17 (SMIPS) does not have a wireless driver in the "All Architectures" zip package.
-tp
*) ssh - added option '/ip ssh stong-crypto'
I suppose this should read strong-crypto, no? What exactly does this change?
Ah, really nice! Thanks!
it makes SSH connections more secure. SHA256 instead of SHA1 and MD5 is kicked out, longer DH, cipher-less connections are not allowed (one where you set ciphers=none) and stronger ciphers are preferred by the ssh server.
makes your SSH connection to the router slower and slower due to better encryption. As most users do not require this (like managing routers from local area network) then old settings are deemed to have adequate security. Those that require higher security now can have an option to have it.
p.s. yes it is called '/ ip ssh strong-crypto' there is a typo in the changelog.
RSA and for that matter ed25519 is not just a matter of flip-a-switch to enable them. We have to actually implement it. RSA currently is accepted as a feature request. Is not of a high priority.
Just a quick heads-up on this topic. OpenSSH 6.9 has been released. The announcement lists some features that will be run-time disabled by default with the release of OpenSSH 7.0 in July:
* Support for ssh-dss, ssh-dss-cert-* host and user keys will be run-time disabled by default.
You will still be able to enable it, but the default configuration will fail with RouterOS devices.
p.s. it is called '/ ip ssh strong-crypto' there is a typo in the changelog.
On v. 6.30 I've tried to run that command but it gives an error:
> /ip ssh strong-crypto
bad command name strong-crypto (line 1 column 9)
> /system identity export
# jul/11/2015 23:49:35 by RouterOS 6.30
# software id = JLR6-SIQJ
#
/system identity
set name=gw.example.com
> /ip ssh set ?
Change properties of one or several items.
always-allow-password-login -- allow password login when public key authorization is configured
forwarding-enabled -- allows clients to connect to remote ports from server
strong-crypto -- use stronger encryption, HMAC algorithms, use bigger DH primes and disallow weaker ones
> /ip ssh set strong-crypto
expected end of command (line 1 column 13)
Changes have been committed to git. Current development version can not connect to RouterOS devices:
% git describe
V_6_9_P1-32-gd56fd18
% ./ssh host
ssh_dispatch_run_fatal: Connection to XX.XX.XX.XX: no matching host key type found
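The "no matching host key type found" failure above can be checked for ahead of a client upgrade by reading the host key name-list a server sends in its SSH_MSG_KEXINIT (RFC 4253, section 7.1). The following is an added example, not part of the thread and not OpenSSH or RouterOS code; the function names and both sample payloads are constructed, and the DSA-only server is an assumption drawn from the error shown.

```python
import struct

# Name-list order inside SSH_MSG_KEXINIT (RFC 4253, section 7.1).
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")
SSH_MSG_KEXINIT = 20

def build_kexinit(lists):
    """Serialize a KEXINIT payload; used only to construct the sample inputs."""
    out = bytes([SSH_MSG_KEXINIT]) + bytes(16)       # type byte + zeroed cookie
    for field in FIELDS:
        names = ",".join(lists.get(field, [])).encode("ascii")
        out += struct.pack(">I", len(names)) + names
    return out + b"\x00" + struct.pack(">I", 0)      # first_kex_packet_follows, reserved

def parse_kexinit(payload):
    """Return {field: [algorithm, ...]} from a raw KEXINIT payload."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, result = 17, {}
    for field in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (length,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + length > len(payload):
            raise ValueError("truncated name-list body")
        raw = payload[pos:pos + length].decode("ascii")
        result[field] = raw.split(",") if raw else []
        pos += length
    return result

def audit_host_keys(payload):
    """Split offered host key types into those the ssh-dss default change keeps or drops."""
    offered = parse_kexinit(payload)["host_key"]
    dropped = [a for a in offered if a.startswith("ssh-dss")]  # ssh-dss, ssh-dss-cert-*
    usable = [a for a in offered if a not in dropped]
    return {"usable": usable, "dropped": dropped, "will_fail": not usable}

# Constructed samples: a DSA-only server (assumed from the error in the thread)
# and a server that also offers RSA.
DSS_ONLY = build_kexinit({"kex": ["diffie-hellman-group14-sha1"], "host_key": ["ssh-dss"]})
MIXED = build_kexinit({"kex": ["diffie-hellman-group14-sha1"], "host_key": ["ssh-dss", "ssh-rsa"]})

if __name__ == "__main__":
    for name, sample in (("dss-only", DSS_ONLY), ("mixed", MIXED)):
        print(name, audit_host_keys(sample))
```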