Hi All,
This is my first post to the forum, and since it involves a bit of a rant, I'd like to prefix it with 'I heart mikrotik'. I've used rb3011 and rb4011 for a couple of years now, and deeply impressed with the feature/price ratio.
Ok, here's the rant: modern ssh clients refuse to work with mikrotik, because its crypto is woefully old: the only available key types are ssh-DSA, which has been deprecated since 2015, and ssh-RSA, signed with SHA-1, which also has been deprecated for over a year now.
I understand that backwards-compatibility matters, and, if mikrotik were to simply port a modern openSSH, many clients would be forced to rekey. But if routerOS 7 is already introducing sweeping changes, this is surely a better time than a point release, which could catch users off-guard. Now is the time to get the latest openssh, with EC crypto and support for signed certificates. The alternative is to force the use of broken security, while the desktop OS vendors upgrade ssh client to a version that is no longer interoperable.
Those of us who rely on CLI management of our routers, particularly those with automated configuration management such as ansible, really need working ssh on the routers.
Best
Lev