password set incorrectly, admin access lost

RouterOS Beginner Basics
1

Hello everyone.

So I created a new user with full rights using CLI. Command ran “successfully”. I put successfully in quotes because while error message wasn’t displayed, I may have gone and done something silly.

So I ran the following

/user add name=xxxxx password=X90dFXV% tNMeialSk*w$bdkboc7Vri3iXotMZyKgr group=full

and got the following error message

expected end of command (line 1 column 48)

I figured this was because of the $ sign within the password.

So I ran the same command and this time enclosed the password in quotes

/user add name=xxxxx password=“X90dFXV% tNMeialSk*w$bdkboc7Vri3iXotMZyKgr” group=full

And got no error messages this time around.

I then went ahead to commit the greatest of all sins by deleting admin user without verifying that the new user login works.

I’m unable access the router using the new user(redacted in my CLI snippets above) and the password (actual password is as shown in the CLI snippet).

What have I done incorrectly? And how can I remedy the situation without a reset of the router.

PS: No backups were ever made. This was a fresh install that I was trying to “harden”

2

Your actual password is (with the space):

X90dFXV% tNMeialSk*w

It’s a very bad idea use reserved characters to set password on any OS used.
Do not use on MikorTik \ ? " and $ on passwords…
The script can fail, also for other reasons, and if you do not verify new user first…

3

So I see you inferred that copy paste kind of mangled my password. It should have been "X90dFXV% tNMeial$k*w$bdkboc7Vri3iXotMZyKgr" (with a $ before the first uppercase K and another $ immediately after the lowercase b)

I had tried "X90dFXV% tNMeialSk*w " (without the quotes and a trailing space). I will try the new pass without the trailing space and come back with feedback. Thanks for your time.

4

He wanted to say that you forgot about $ being used for variables. If you put the same string where you can see it later:

/ip address add interface=ether1 address=127.0.0.2 disabled=yes comment="X90dFXV% tNMeialSk*w$bdkboc7Vri3iXotMZyKgr"
:global bdkboc7Vri3iXotMZyKgr "MEOW!"
/ip address add interface=ether1 address=127.0.0.3 disabled=yes comment="X90dFXV% tNMeialSk*w$bdkboc7Vri3iXotMZyKgr"
/ip address add interface=ether1 address=127.0.0.4 disabled=yes comment="X90dFXV% tNMeialSk*w\$bdkboc7Vri3iXotMZyKgr"

Then export will give you:

/ip address
add address=127.0.0.2 comment="X90dFXV% tNMeialSk*w" disabled=yes interface=ether1 network=127.0.0.2
add address=127.0.0.3 comment="X90dFXV% tNMeialSk*wMEOW!" disabled=yes interface=ether1 network=127.0.0.3
add address=127.0.0.4 comment="X90dFXV% tNMeialSk*w\$bdkboc7Vri3iXotMZyKgr" disabled=yes interface=ether1 network=127.0.0.4

Edit: The last one is correct, you’ll see it in WinBox/WebFig as “X90dFXV% tNMeialSk*w$bdkboc7Vri3iXotMZyKgr”, i.e. exactly what you wanted.

5

I give your password based on what you write on forum.
If is pasted “X90dFXV% tNMeial$k*w$bdkboc7Vri3iXotMZyKgr” on terminal (but on your previous post the first $ is one S !!!),
without other surprises, your password is:

X90dFXV% tNMeial*w
6

@Sob

:global k ""
:global bdkboc7Vri3iXotMZyKgr ""
:put ">X90dFXV% tNMeial$k*w$bdkboc7Vri3iXotMZyKgr<"
7

This is now solved. Correct password was a slight variation of the one previously provided. Thank you all.

Blocked ssh and www access from outside the local network. I don’t see anymore logs showing failed ssh login attempts.