Hello
Running /ip ssh set strong-crypto=yes encountered error because allow-none-crypto =yes
1.What is allow-none-crypto property?
2. What happens when this property is no or yes?
Thanks alot
Setting strong-crypto to yes is a way to prevent establishment of the ssh session if the peer only offers encryption algorithms considered weak, which makes little sense if you simultaneusly permit to establish sessions with no encryption at all (by means of allow-none-crypto=yes).
Use of ciphering algorithm none may make sense in specific network scenarios, but I cannot imagine a scenario where having both strong-crypto and allow-none-crypto enabled on the same device acting as a server would make sense.
Some time ago I’ve asked Mikrotik to permit overriding of the configuration setting of strong-crypto, which is used when acting both as ssh server and as ssh client, by adding a possibility to add strong-crypto=no as a parameter to the /system ssh command and they promised to consider that; as of 6.44.3 this feature is not yet available. So perhaps replacing it by a more generic parameter crypto with possible values strong, basic, default (which would be the default value if this parameter wouldn’t be provided), or none might be even better.
Hello, more than one year later:
/ip ssh set strong-crypto=yes
results into:
failure: strong-crypto and allow-none-crypto can't be used at the same time
Tested on package 6.47.1
Since this tip is at ofic. tutorial - https://wiki.mikrotik.com/wiki/Manual:Securing_Your_Router#More_Secure_SSH_access
it is really confusing for new users.
PS: Solution for this tutorial is:
/ip ssh set allow-none-crypto=no
/ip ssh set strong-crypto=yes
(Im letting this there, since this post was 1st result at Google. So if you struggle by same error, use this two commands instead one)