This works from terminal but not as a script:
/system/ssh address=192.168.240.9 user=dprnic command="[/interface/wireguard/peers/add interface=wireguard_users public-key=\"X7ZcanAGeG+G7/rZWDV4RoZ8vohzaUW9pdqEfkdiFRw=\" allowed-address=192.168.254.130]"
More info:
I am sending SMS with this message:
:cmd M script add_wg_peer publickey="X7ZcanAGeG+G7/rZWDV4RoZ8vohzaUW9pdqEfkdiFRw=" ip=192.168.254.130
This is a script:
{
:global ip;
:global publickey;
/system/ssh address=192.168.240.9 user=dprnic command="/interface/wireguard/peers/add interface=wireguard_users public-key=\"$publickey\" allowed-address=$ip;";
}
The value of $publickey is:
X7ZcanAGeG+G7/rZWDV4RoZ8vohzaUW9pdqEfkdiFRw=
I set it in an SMS sent to the router with the LTE interface (SIM card for 3G).
This part with setting the variable with SMS works.
When I put this in a script, it does not work: /system/ssh address=192.168.240.9 user=dprnic command="[/interface/wireguard/peers/add interface=wireguard_users public-key=\"X7ZcanAGeG+G7/rZWDV4RoZ8vohzaUW9pdqEfkdiFRw=\" allowed-address=192.168.254.130]"
I think I have a problem with quotes. "
When the script is executed, then in the line /system/ssh address=192.168.240.9 user=dprnic command="/interface/wireguard/peers/add interface=wireguard_users public-key=\"$publickey\" allowed-address=$ip;";
the system wants to substitute $ip and $publickey, so it looks for their current values from the environment, as they are the global vars.
If the value is not set, then it is substituted as an empty string. Try to debug those values with log lines as follows
Try to put publickey and ip directly into a script to execute exactly the same command as from CLI.
If it works, then something is wrong with the command sent to the remote host after substitution. If not, then there is another problem? Which one? We will see.
After executing the command in terminal it says:
Welcome back!
And I can see that the peer is created.
I delete it and try again from system script.
No log on both routers.
Once again: put that command which you execute in CLI VERBATIM into a script and then execute a script.
Be logged into the remote device with Winbox, watching the interface/list of interfaces for change during execution of the command from the script.
Even if there is no log info, you should see that something changes via Winbox … even for a moment.
Maybe add a ping command such as ping count=100 ip.of.a.device.where.you.can.check.the.traffic to watch if there is traffic coming from the other side.
Do not expect that anyone can figure out what's going on on both routers without access to them. You should be a little creative (everyone should) when it comes to debugging. Sometimes "fast eyes" are the best tool.
Yes, I am doing that.
First in cli
Then in script
I tried something more simple also from cli and from script, but it also does not work from script and works from cli.
No extra log on local router
Remote router logs only when I succeeded with CLI
I found the solution!
The problem is in command ssh. /system/ssh… does not work in /system/script for remote router. /system/ssh-exec… should be used instead.
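The script from the thread rewritten around /system/ssh-exec, as an added example that is not code posted by anyone in the thread. It assumes key-based SSH login for user dprnic is already set up on the remote router (ssh-exec is non-interactive). The log line and the input checks are additions, included because the two values arrive by SMS and are pasted into a command that runs on another router.

```routeros
# Added example, not from the thread. Address, user, interface and variable
# names are the ones shown in the thread; everything else is an assumption.
:global publickey
:global ip

# Log what the script actually received, so an empty substitution is visible.
:log info ("add_wg_peer: publickey=" . $publickey . " ip=" . $ip)

# A WireGuard public key is 32 bytes: 44 base64 characters ending in "=".
# Rejecting anything else also keeps quotes, semicolons and brackets out of
# the command string that is sent to the remote router.
:if (([:len $publickey] != 44) or !($publickey ~ "^[A-Za-z0-9+/]+=\$")) do={
    :log error "add_wg_peer: publickey is not a valid WireGuard key, aborting"
    :error "bad publickey"
}

# :toip returns nothing for input that is not a plain IPv4 address.
:if ([:typeof [:toip $ip]] != "ip") do={
    :log error "add_wg_peer: ip is not a valid IPv4 address, aborting"
    :error "bad ip"
}

# Build the remote command once, so the exact string can be logged and compared
# with the one that works from the terminal.
:local remote ("/interface/wireguard/peers/add interface=wireguard_users public-key=\"" . $publickey . "\" allowed-address=" . $ip)
:log info ("add_wg_peer: remote command: " . $remote)

# ssh-exec runs without a terminal, which is what a script or the scheduler needs.
:local result [/system/ssh-exec address=192.168.240.9 user=dprnic command=$remote as-value]
:log info ("add_wg_peer: remote output: " . ($result->"output"))
```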