SSH Mikrotik to Mikrotik

I have successfully established an SSH PASSWORDLESS connection from a Linux client to a routerboard (server) using the RSA key method.

Can I do the same from a Mikrotik SSH client to a Mikrotik SSH server?

If yes, how do I export keys from the client machine?

Thank you

No ideas?

I know how forums work, so I can't demand an answer, but I'm asking myself whether:

1. my question is so simple that I should find the answer myself, or
2. my question is too hard and very few know the solution, or
3. my question has no solution

At least a little answer for second or better for third case from gurus or staff…

Thank you

You can’t export the public key from RouterOS, but you can generate the key pair on some other machine, then import the private key into your one router, and the public key into the other router. This will allow SSH login with key.

Thank you for answering,

Let me understand:
I should export the public key from the CLIENT RouterOS to be imported into the SERVER RouterOS, but exporting of the public key is not possible.
So I have tried to export the private key (ip ssh export-host-key), converted it into a public key on a Linux machine (ssh-keygen -y -f ros_rsa > ros_rsa.pub) and imported it on the SERVER RouterOS, but it DOESN'T work (the server still asks for a password, why?)

I will try your suggestion, a question:
Which router needs the private key to be imported? (I suppose the CLIENT one)

Remember I need a PASSWORDLESS ssh login (that works perfectly if the client is a Linux PC with self-generated keys imported into the RouterOS server)

Did you make the key without a passphrase?
If yes, did you try to just hit Enter?

It works!!
Key pair generated without passphrase, public+private imported into the client with an empty passphrase, public imported into the server and associated with the desired user, et voilà: straight to the remote router prompt without a password.

There is just one last insurmountable obstacle for now: the /system ssh user=myuser command=mycommand string doesn't work from inside netwatch or inside a script!!
I suppose it is a security precaution, but it defeats any attempt to remotely control a router from an unattended system… :confused:

Do you have any expectation of enabling the ssh client in netwatch/scripting??
About the security issue: one has to install an RSA key pair on both devices before breaking anything…
What do you think?

Thanks

Yes, it is currently not supported in scripting, no specific timeline on when it will be supported. Glad to hear you made it work for other purposes.

OK, Fill your “users wishlist” :slight_smile:
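
The procedure that worked in this thread, as an added example that is not from any of the posters or from MikroTik: a passphrase-less RSA key pair is generated and checked on a Linux host, then the RouterOS import commands for each router are printed. The file name, directory and user names are placeholders, the `/user ssh-keys` syntax is the older RouterOS form with both key files on the client and may differ on other releases, and `-m PEM` is an assumption about what the router will import.

```shell
#!/bin/sh
# Added example: build and check a passphrase-less RSA key pair on a Linux
# host for RouterOS-to-RouterOS SSH. File and user names are placeholders.

# make_router_keypair DIR NAME: creates DIR/NAME (private) and DIR/NAME.pub
make_router_keypair() {
    dir=$1; name=$2
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    # -N "": empty passphrase, as in the thread (needed for unattended login)
    # -m PEM: classic PEM private key (assumption: the RouterOS release in
    #         use may not import the newer OpenSSH private-key format)
    ssh-keygen -q -t rsa -b 2048 -m PEM -N "" -f "$dir/$name" || return 1
    chmod 600 "$dir/$name"
}

# keypair_matches PRIV PUB: succeeds only if PUB is the public half of PRIV
keypair_matches() {
    derived=$(ssh-keygen -y -P "" -f "$1" 2>/dev/null | awk '{print $1, $2}')
    stored=$(awk '{print $1, $2}' "$2")
    [ -n "$derived" ] && [ "$derived" = "$stored" ]
}

# has_no_passphrase PRIV: succeeds if the key loads with an empty passphrase
has_no_passphrase() {
    ssh-keygen -y -P "" -f "$1" >/dev/null 2>&1
}

# print_routeros_steps NAME SERVER_USER CLIENT_USER: console commands to type
# after uploading the files (syntax as assumed in the lead-in)
print_routeros_steps() {
    cat <<EOF
# SERVER router (the one being logged into): public key only
/user ssh-keys import public-key-file=$1.pub user=$2
# CLIENT router (the one running /system ssh): private + public key
/user ssh-keys private import user=$3 private-key-file=$1 public-key-file=$1.pub passphrase=""
EOF
}

# Usage: sh make_keys.sh DIR NAME SERVER_USER CLIENT_USER
if [ "$#" -eq 4 ]; then
    make_router_keypair "$1" "$2" && keypair_matches "$1/$2" "$1/$2.pub" \
        && has_no_passphrase "$1/$2" && print_routeros_steps "$2" "$3" "$4"
fi
```

Because the key has no passphrase, anyone holding the private file can log in as the server-side user, so delete the working copy on the Linux host once both imports succeed and give that user only the rights the remote commands need.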