Community discussions

MikroTik App
 
einichi
just joined
Topic Author
Posts: 7
Joined: Sat Jan 16, 2021 5:33 pm

[Feature Request] Support for EC-based SSH keys

Mon Jan 18, 2021 7:32 am

A thread was posted a few years back here: viewtopic.php?p=628350

It would be great if ed25519, and perhaps other related key types such as nistp256 and so on were supported. None of my current keys were recognized on import, and thus I have no choice but to create a new key pair just for RouterOS.
 
User avatar
kiler129
Member
Member
Posts: 352
Joined: Tue Mar 31, 2015 4:32 pm
Location: IL, USA
Contact:

Re: [Feature Request] Support for EC-based SSH keys

Fri Jan 22, 2021 6:55 am

Not negating adding a new feature here but what is exactly the problem we're trying to solve here? While ed25519 is newer and has some advantages (e.g. smaller key size, marginally faster authentication) does it really add any significant value to ROS?
 
einichi
just joined
Topic Author
Posts: 7
Joined: Sat Jan 16, 2021 5:33 pm

Re: [Feature Request] Support for EC-based SSH keys

Fri Jan 22, 2021 7:43 am

At this moment in time, it's a matter of convenience - a nice to have.

In time, who knows how long, it will be necessary to add new key types. I think ROS should be keeping up with these new key types, and the ROS7 beta would be a good opportunity for them to do so.

It's good to get ahead of the curve (ha), rather than rush to support new keys after the currently supported keys are found to be weak at a later stage.
 
OlofL
Member Candidate
Member Candidate
Posts: 113
Joined: Mon Oct 12, 2015 2:37 pm

Re: [Feature Request] Support for EC-based SSH keys

Sun Mar 13, 2022 3:16 pm

Not negating adding a new feature here but what is exactly the problem we're trying to solve here? While ed25519 is newer and has some advantages (e.g. smaller key size, marginally faster authentication) does it really add any significant value to ROS?
In Ubuntu 22.04 ssh-rsa is depricated and you need to add ssh -o PubkeyAcceptedKeyTypes=+ssh-rsa in order for it to use the ssh-rsa key. Stable RouterOS (7.1.3) still uses this host publickey.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: [Feature Request] Support for EC-based SSH keys

Sun Mar 13, 2022 3:19 pm

Not negating adding a new feature here but what is exactly the problem we're trying to solve here? While ed25519 is newer and has some advantages (e.g. smaller key size, marginally faster authentication) does it really add any significant value to ROS?
In Ubuntu 22.04 ssh-rsa is depricated and you need to add ssh -o PubkeyAcceptedKeyTypes=+ssh-rsa in order for it to use the ssh-rsa key. Stable RouterOS (7.1.3) still uses this host publickey.

Until ROS adds support for ed25519 keys, you can work around the probkem in 3 ways:
  1. as you showed, you can add option on ssh command line when necessary
  2. you can add a souple of libes in ~/.ssh/config to have ssh it added for connections to some particular host
  3. you can allow RSA keys globally in /etc/ssh_config

Who is online

Users browsing this forum: Bing [Bot] and 22 guests