I use a rsa key generated on my remote server that I have my Mikrotik devices log into.
I import the public/private RSA key pair as described in this wiki
https://wiki.mikrotik.com/wiki/Use_SSH_to_execute_commands_public/private_key_login
in V6 the key format must be PEM but in V7 I get an error that the format is not allowed.
Is V7 not ready for this yet?
7.3.1 has a known bug when importing SSH keys
try 7.4.RC2, it should be fixed
7.4RC2 not working either
I’m having same problem on both 7.4.1 and even 7.5rc2 when importing public key:
/user ssh-keys import public-key-file=id_dsa.pub user=admin
unable to load key file (wrong format or bad passphrase)!
I don’t know what is wrong, it was working great so far on old ROS.
DES and RSA1 keys are deprecated, ECDSA and ED25519 are not yet supported in ROS, your keypair needs to be RSA2.
What’s new in 7.5 (2022-Aug-30 12:25):
*) ssh - added AES support for PEM decryption;
*) ssh - fixed importing of public keys;
*) ssh - fixed minor typo issue when importing public key;
rextended - thank you for pointing that out, but 7.5rc2 didn’t worked for me.
Sooo… downgraded to 6.49.6 - key imported successfully. I can log in with key.
Upgraded to 7.5 - cannot login with key. I try to import the key and got again:
unable to load key file (wrong format or bad passphrase)!
I might have deprecated keypair type, my key starts with “ssh-dss”, but import is working in 7.1. That brings me to changelog and I have found in 7.3:
*) ssh - removed DSA public key authentication support;
So this is it. Damn. Not only marked as deprecated, but already removed.
Thank you for help!
¯_( ͡° ͜ʖ ͡°)_/¯
Guys, do you have newer information about the support of ECDSA keys in ROS 7?
Also discovering the same issue.
This is unbelievable.
Running v7.8
Now i have changed to RSA, the import will work, but the login fails:
root@trafficgrapher:~/bin/auth# ssh -v -i /root/bin/auth/remote-access_new.rsa remote-user@172.16.15.240
OpenSSH_8.4p1 Debian-5+deb11u1, OpenSSL 1.1.1n 15 Mar 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to 172.16.15.240 [172.16.15.240] port 22.
debug1: Connection established.
debug1: identity file /root/bin/auth/remote-access_new.rsa type 0
debug1: identity file /root/bin/auth/remote-access_new.rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u1
debug1: Remote protocol version 2.0, remote software version ROSSSH
debug1: no match: ROSSSH
debug1: Authenticating to 172.16.15.240:22 as 'remote-user'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: rsa-sha2-256
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:Syg06JqvjjCag0cFLhs7kY0DrOwS9ySK/TMfAoqsVfA
debug1: Host '172.16.15.240' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:3
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 4294967296 blocks
debug1: Will attempt key: /root/bin/auth/remote-access_new.rsa RSA SHA256:uns4aVGOG3axgzyOaIIXS5WSGR8Dy7vsLRCE4qt9JRo explicit
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,ssh-rsa>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /root/bin/auth/remote-access_new.rsa RSA SHA256:uns4aVGOG3axgzyOaIIXS5WSGR8Dy7vsLRCE4qt9JRo explicit
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
remote-user@172.16.15.240's password