MikroTik to MikroTik SSH

Hi everyone,
Just trying to do some ssh-exec from one MikroTik to another MikroTik using an SSH key and I always get this error “failure: authentication failure”.

I have created an RSA key; uploaded both the public and private keys to the local MikroTik and only the public key to the remote device. Both devices have the same user with keys bound to them and also both are running 7.16.1 ROS.
I have also unchecked “Always Allow Password Login” on the remote device.

Any ideas, guys?

Are you doing it like this?
https://help.mikrotik.com/docs/spaces/ROS/pages/132350014/SSH
https://help.mikrotik.com/docs/spaces/ROS/pages/328353/Securing+your+router

Hi Patrikg,
I believe I do; and I’m able to SSH to my device using that private key from Windows or Linux but not from another MikroTik which either asks for password or shows authentication failure.

I had this issue before, can't remember how I solved it.

Go to system > Users > SSH Keys - Import SSH Key

Then

Go to system > Users > SSH Private Keys - Import SSH Private Key

I removed all the keys and this time imported RSA keys, generated by PuTTYgen; still no success.

Using Windows, I see (Yoda). Maybe the files are treated differently; you may not be using the correct end-of-line character then.
PuTTYgen may produce the wrong thing there for MikroTik's Linux way of line endings.

So take the file into some editor, or use the Linux command dos2unix to convert the files.
You could also try using the Linux command (ssh-keygen) to create the keys.

It has to do with the public key on the client side (MikroTik device), because you get it working when connecting from the PC with the private key to the server side.
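
An added example, not part of any post in this thread: a Python check for the line-ending and key-format differences suggested above. The markers are the standard PuTTY, OpenSSH, PEM and RFC 4716 headers; the sample key is constructed (not a real key), and nothing here asserts which formats RouterOS accepts.

```python
# Added example: inspect a key file's raw bytes before importing it.
FORMATS = [  # (leading marker, label); well-known key file headers
    (b"PuTTY-User-Key-File-", "putty-ppk-private"),
    (b"-----BEGIN OPENSSH PRIVATE KEY-----", "openssh-private"),
    (b"-----BEGIN RSA PRIVATE KEY-----", "pem-pkcs1-rsa-private"),
    (b"-----BEGIN PRIVATE KEY-----", "pem-pkcs8-private"),
    (b"-----BEGIN ENCRYPTED PRIVATE KEY-----", "pem-pkcs8-encrypted-private"),
    (b"---- BEGIN SSH2 PUBLIC KEY ----", "rfc4716-public"),
    (b"ssh-rsa ", "openssh-public-rsa"),
    (b"ssh-ed25519 ", "openssh-public-ed25519"),
]
BOM = b"\xef\xbb\xbf"  # UTF-8 byte order mark some Windows editors prepend


def inspect_key(data: bytes) -> dict:
    """Report the format, BOM and line-ending style of a key file."""
    bom = data.startswith(BOM)
    body = data[len(BOM):] if bom else data
    head = body.lstrip()
    fmt = next((label for marker, label in FORMATS if head.startswith(marker)),
               "unknown")
    crlf = body.count(b"\r\n")
    return {
        "format": fmt,
        "bom": bom,
        "crlf_lines": crlf,                     # Windows-style line endings
        "lone_cr": body.count(b"\r") - crlf,    # stray carriage returns
        "trailing_newline": body.endswith(b"\n"),
    }


def normalize(data: bytes) -> bytes:
    """Return LF-only content without a BOM, ending in exactly one newline."""
    if data.startswith(BOM):
        data = data[len(BOM):]
    data = data.replace(b"\r\n", b"\n").replace(b"\r", b"\n")
    return data.rstrip(b"\n") + b"\n"


# Constructed sample: an RFC 4716 style public key file saved with CRLF endings.
SAMPLE = (b"---- BEGIN SSH2 PUBLIC KEY ----\r\n"
          b'Comment: "constructed-sample"\r\n'
          b"AAAAB3NzaC1yc2EAAAADAQABAAABAQCconstructed\r\n"
          b"---- END SSH2 PUBLIC KEY ----\r\n")

if __name__ == "__main__":
    print("before:", inspect_key(SAMPLE))
    print("after: ", inspect_key(normalize(SAMPLE)))
```

Read the real file with `open(path, "rb").read()` so the bytes reach `inspect_key` unchanged.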

I regenerated the keys using ssh-keygen, no success though.
The newly generated keys work fine for SSH through Windows.

Have you seen this:

https://youtu.be/8tt7fSvdFRM

Yeah, I’ve watched it.
First, I tried using exported host keys; didn’t work.
Then I tried generating keys with “ssh-keygen -t rsa -b 2048” command; didn’t work, either.

Do you import them into the correct user?
Or are you only using admin as the username?

I have created a special group with ssh-read-write as allowed policies.
After that, I created a user and assigned it to this group.
I’ve bound my keys to this user both on local and remote MikroTik devices.
Also as a test, I tried the admin user, who has full access, for importing keys; but nothing works!

Do yourself a favor and do it with the KISS method first.
With defaulted devices and only with the admin user.
And after it’s working, you can do more and harden your system.