I followed the guide here (https://wiki.mikrotik.com/wiki/Use_SSH_to_execute_commands_(public/private_key_login) and not only password-less log in didn’t work, but even the password stopped working. Then I removed the key and the password started working again. Ideas?
I’m glad I’m not the only one who noticed this…
rsa private keys used to work fine in 7.8 .
It suddenly stopped working at around 7.9beta4 when ed25519 was introduced.
But even keys with ed25519 don’t work now.
I guess something got broken with the new ssh code.
Unless something changed in the way we should import the keys in RouterOS and the manual doesn’t reflect this.
Just weird…
Hello,
I also have a problem with login by SSH public key.
[geadmin@rtr.lesko-ing.com.pl] > /system/ssh-exec user=geadmin address=192.168.40.3 command="/system/resource/print"
failure: authentication failure
On the same key I can login from linux without any problem.
So problem exist between Mikrotik and Mikrotik.
Can anyone also confirm this issue?
General observation: on 7.9.1 importing RSA public key works as it used to. It’s nice to have backup way of logging into device after public key is imported … one way is using winbox (if that’s not blocked), another way is to set /ip/ssh/set always-allow-password-login=yes … if it’s left to default (which is “no”), then users with public key imported can’t login using password anymore. This setting can be reverted to “no” after password-less login is tested to work.
i can confirm that this is an issue. i used a script to reboot Unifi AP every week and now the Unifi AP has uptime of 53 days. clearly a bug that was introduced in last 1.5 months. have created SUP-118158 support ticket.please create one to bring it to Mikrotik attention apart from putting it in forum
I have the same problem with Mikrotik to Mikrotik ssh-key based authentication. It asks for password and says authentication failure. Keys were imported correctly as per wiki
The issue has been identified, and we look forward to fixing it on upcoming RouterOS versions
above is not fixed in 7.10rc6 (where it is mentioned as fixed). still get same ‘authentication failure’ when accessing remote SSH host as ssh-exec and ‘welcome back’ message as ssh.
works fine when tried from linux client
this used to work fine before 7.9 and now has suddenly stopped working.
This seemed to be fixed at first, but if you import both the private and public key on both routers, then the authentication still fails, eg:
Execute on R1:
/user/add group=full name=adminssh
/user/ssh-keys/private/import user=adminssh private-key-file=key
Execute on R2:
/user/add group=full name=adminssh
/user/ssh-keys/import user=adminssh public-key-file=key.pub
R1 could connect to R2.
However:
Executing this on both R1 and R2 (so they can both connect to each other):
/user/add group=full name=adminssh
/user/ssh-keys/private/import user=adminssh private-key-file=key
/user/ssh-keys/import user=adminssh public-key-file=key.pub
Now R1 can’t connect to R2, and R2 can’t connect to R1.
It seems to break when you add the same private key to the second router. What’s even more strange is that when you then remove the private key to make it like it was before when it worked, it still doesn’t work and you need to start all over
with below steps, the issue is resolved:
remove private (on RouterOS) and public (on the remote host) keys;
downgrade RouterOS to version 7.8;
Export RouterOS SSH keys;
import new private key in RouterOS, the public key in the remote host;
check if ssh-exec to the remote host works;
upgrade RouterOS to version 7.10 and check if ssh-exec to the remote host works.
Quick update:
Just tried quickly on 7.11 beta and rc builds and it indeed appears to be fixed!
Good work! 