login using ssh keys problem!

RouterOS Scripting
1

hi fellows i was trying to setup an remote access to my server via mikrotik but im facing a password request which is ruining the whole operation, please anyone can tell me how i bypass password request, animated screenshot attached:


when i input the password it logins but i dont need that i need that to be automatic using preshared key

2

Hi sir
the procedure to connect from RouterOS as client to another ssh server is slightly different:

  1. you need to import both public and private key under /user ssh-keys private
/user ssh-keys private import private-key-file=sshkey public-key-file=sshkey.pub user=connect
  1. make sure that you copied on the Linux server side, the generated key to the authorized_keys file under the correct linux user home dir (in my case the user is called connect) :

cat sshkey.pub >> /home/connect/.ssh/authorized_keys

  1. make sure that inside /etc/ssh/sshd config file (or equivalent other distro file) , you have added the source ip of mikrotik client to the AllowUsers row.

  2. following the previous steps, you will succeed to enter ssh server from mikrotik ssh client without any password (100% guarantee at least on my current installed RoS 5.16):

[connect@ROUTER-GREENCOMPUTING] > /system ssh 172.23.1.2 user=connect                                                          
Linux connectiviaPBX 2.6.32-24-generic-pae #39-Ubuntu SMP Wed Jul 28 07:39:26 UTC 2010 i686 GNU/Linux
Ubuntu 10.04.1 LTS

Welcome to Ubuntu!
 * Documentation:  https://help.ubuntu.com/

Last login: Mon Aug 13 01:05:25 2012 from 172.21.1.1
connect@greenComputing:~$

I hope this will help you tor each your goal.

3

thank you:) done connecting mikrotik to mikrotik via ssh key, still trying to connect mikrotik to linux unfortunately

  1. done!
  2. done!
  3. im not sure if sshd_config is perfectly configured but i can login via ssh from any ip
    please can you give an sshd_config sample for ubuntu 12

Kind Regards Gladio

4

what you have in:

/user ssh-keys private print

default settings in Ubuntu should allow key login into Ubuntu form RouterOS.

5

the 1st post was misunderstanding of how ssh key login works when connection ROS to Ubuntu

“/user ssh-key private print” outputs the actual keys I’ve got, ROS to ROS connection done via ssh keys
but what i couldn’t done is ROS to Ubuntu its so hard can you give instructions how i can use default settings of Ubuntu 12 please

6

as promised here you ahve a working example of sshd_config file used on one of my test server :

root@greencomputing:/etc/ssh# more sshd_config
# Package generated configuration file
# See the sshd_config(5) manpage for details

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 120
PermitRootLogin  no
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile     %h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

AllowUsers *@172.2.0.0/16,10.10.1.1

distro and ver :

Distributor ID: Ubuntu
Description: Ubuntu 10.04.1 LTS
Release: 10.04
Codename: lucid

7

@greencomputing

thank you very much for your support but please can you answer me this:

(before i was doing cat key.pub into /.ssh/authorized_keys) and its not working

im confused about the place of public key file in ubuntu

now i have clean ubuntu 12 what a i supposed to do next?
best regrads Gladio

8

so if a give you access to my ssh can you solve this please, man i cant get this done
nb: ill give you access to a clean Ubuntu install

Regards Gladio

9

make sure you are using DSA keys, not RSA.

10

thank you janisk im already using dsa key, its a Ubuntu problem mikrotik is working well with ssh keys