I just acquired a CRS328-24P-4S+RM, and I have been trying to figure out if there is any way to configure ssh to use certificates, both for the host key, and to add a trusted user ca. It doesn’t seem like there’s a way to do this, am I missing anything? I was very disappointed upon receiving the switch to realize that unlike the other managed switches I’ve used where I had standard shell access on ssh, on RouterOS I only get a limited non-standard shell.
What is “standard” and what is “limited”? Can you explain?
Ah, looking back at that I maybe wrote that a bit strongly, when I was frustrated. However to be clear what I mean, I’m used to ssh’ing into devices (even network devices) and getting a normal linux shell (e.g. bash, dash, etc).
In that sense, RouterOS only provides “limited” shell. Syntax aside, it allows to set each and every feature your device can perform under ROS so functionality-wise it’s “power-user” shell. The nicest thing about CLI, loved by many Mikrotik afictionados, is that follows the same principles as GUI. Which means that (working) CLI examples for configuring device are easily followed in any of GUIs (winbox and webfig). And I, as an example of before mentioned afictionados, certainly hope this CLI stays.
So the only practical difference between “full shell” and MT’s “limited” shell is that in MT CLI is directly invoked after logging in whereas elsewhere one has to run it manually. As to access to configuration files: there are many different syntaxes and learning all of them isn’t trivial either. So it’s often easy to get something wrong and that’s another possibility to break things (not that this is impossible with MT’s CLI).