sorry, i did not find any better place to put this. technically it is not a bug report, it is a request for enhancement.
is it just me, or there's someone else out there who'd like to see improvements to the output of the "export" command?
we have these 2 half-solutions for saving the configuration, but together they don't add up to a solid one.
Can you tell us what you have in mind?
not quite sure how secure the same private key or cert is if it's stored on a random server or your laptop.
I think private keys should never be exportable, neither cert nor ssh.
Yes, I would also like to see an error-handling option, especially with something like TR069 where you don't necessarily want it to stop loading everything when it hits an error.
Now for the import process, I'd love to see an option for error-handling, ideally per config section. Like
on-error=log-and-proceed, stop-import, skip-section-import, replace-section
log-and-proceed: Log the error occurred but go ahead with subsequent config import.
stop-import: stop the whole config import
skip-section-import: log the error, stop importing more lines from this section and continue import from the next section with a leading /
replace-section: wipe the current config of this section and completely replace it with the import.
/ppp secret
add local-address=192.168.99.1 name=tester password=supersecretpassword remote-address=192.168.99.10
yes, this is true. on the other hand
But try the same as user whose group doesn't have sensitive policy and you won't see password:
/ppp secret
add local-address=192.168.99.1 name=tester password=***** remote-address=192.168.99.10
So it would be the same with certificates and others. And then there's not much difference if you have permissions to export them individually, as part of backup (these two are already possible) or as part of export.
/export
show running-config
/export
i agree. the best solution for local ppp / hotspot accounts would be to use password hashes instead of cleartext passwords. but this is a huge change, albeit not as difficult as the one with the user accounts.
wait for someone who will write independent decryptor, and when (not if) it happens, the encryption will be useless.
hence there's no cure for every issue. again, the lame uniform symmetric encoding on the client can be seemingly effective against idiots, proving this is a bit better than nothing.
but client needs original password.
You may want to have a look at
- Definitely add options to specify terminal width and not export with any color or other terminal options using the /export command. Right now this only works if adding options to the username when logging in i.e. instead of "admin" you have to use username "admin+ct240w". If just using 'admin' then programs like Solarwinds NCM, RANCID etc can totally screw up. And adding parameters to the username screws up other things i.e. specifying credentials for all devices in a group at the same time, but not all of them are MikroTik so having to put "+ct240w" on the username will fail to login
MikroTik is the only company I know of that requires these options to be parsed through the username login, and not part of the export command (or issuing some other command first to override terminal defaults). Bad design IMO
/ export terse
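Added example, not part of the original thread and not MikroTik code: a Python filter that applies the "*****" masking shown above for users without the sensitive policy to an export taken with full rights, before the file is stored on a backup server or in a tool such as RANCID. The key names other than "password", the trailing-backslash line wrapping and all function names are assumptions.

```python
import re

# "password" is the key shown in the thread; the other names are an assumed,
# non-exhaustive list to extend for the sections your devices actually use.
SENSITIVE_KEYS = ("password", "secret", "wpa2-pre-shared-key")
MASK = "*****"  # placeholder the thread shows for users without "sensitive"

# key=value, where value is a double-quoted string or a bare token.
_PAIR = re.compile(
    r'(?<![\w-])(?P<key>' + "|".join(map(re.escape, SENSITIVE_KEYS)) + r')='
    r'(?P<val>"(?:\\.|[^"\\])*"|[^\s"]+)'
)

def join_continuations(text):
    """Merge lines wrapped with a trailing backslash (assumed export wrapping)."""
    out, buf = [], ""
    for line in text.splitlines():
        piece = line.lstrip() if buf else line
        if piece.endswith("\\"):
            buf += piece[:-1]
        else:
            out.append(buf + piece)
            buf = ""
    if buf:
        out.append(buf)
    return out

def find_cleartext(text):
    """Return (logical_line_number, key) for each value that is not masked."""
    return [(n, m.group("key"))
            for n, line in enumerate(join_continuations(text), 1)
            for m in _PAIR.finditer(line) if m.group("val") != MASK]

def redact(text):
    """Return the export with every sensitive value replaced by MASK."""
    return "\n".join(_PAIR.sub(lambda m: m.group("key") + "=" + MASK, line)
                     for line in join_continuations(text))

# Constructed sample: the thread's /ppp secret entry, wrapped, plus a quoted value.
SAMPLE = (
    "/ppp secret\n"
    "add local-address=192.168.99.1 name=tester password=supersecretpassword \\\n"
    "    remote-address=192.168.99.10\n"
    'add name=tester2 password="two words" remote-address=192.168.99.11\n'
)

if __name__ == "__main__":
    print(find_cleartext(SAMPLE))
    print(redact(SAMPLE))
```

find_cleartext can also run on its own as a gate that rejects an export still containing cleartext values before it is committed to a configuration repository.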