Community discussions

MikroTik App
 
vladoboss
just joined
Topic Author
Posts: 23
Joined: Mon Feb 01, 2010 12:05 am

rsa key support in ssh?

Fri Jan 28, 2011 11:45 am

Is it planed rsa key support in ssh? I have zillion Linux machines on which I have one rsa key, and only for Mikrotik routers I have to use dsa key, which is somehow frustrating (have to specify path to dsa key on each login). I don't use putty, just in case someone suggest me to save my sessions, I work on Linux.
 
sobrado
newbie
Posts: 25
Joined: Sun Dec 26, 2010 3:56 pm

Re: rsa key support in ssh?

Fri Jan 28, 2011 12:14 pm

Hello vladoboss.

DSA is a better choice than RSA; I would suggest using DSA where possible. On january 24 we released OpenSSH 5.7, that includes support for ECDSA (Elliptic Curve Digital Signature Algorithm). ECDSA performs better than DSA, as it uses a much shorter key while having an equivalent symmetric key length. DSA and, of course, ECDSA is the way to go.

Where do you store the DSA keys? Specifying the path each time you log into a MikroTik router should not be required. The SSH client should be able to find and use the right keys.
 
vladoboss
just joined
Topic Author
Posts: 23
Joined: Mon Feb 01, 2010 12:05 am

Re: rsa key support in ssh?

Fri Jan 28, 2011 1:09 pm

My bad :-( Key is stored in /home/username/.ssh/ but it was not named by default name id_dsa so ssh client wasn't able to find it. I renamed the key and now everything is ok.
 
elliotd123
just joined
Posts: 6
Joined: Wed Jan 09, 2013 10:39 pm

Re: rsa key support in ssh?

Thu Sep 10, 2015 7:33 pm

This should be revisited, as DSA is considered insecure, and is deprecated in newer ssh servers.

Can we get RSA key support?
 
marrold
Member
Member
Posts: 417
Joined: Wed Sep 04, 2013 10:45 am

Re: rsa key support in ssh?

Thu Sep 10, 2015 8:26 pm

This was added recently but I can't find the relevant change log
I'm a SIP / VoIP engineer. Feel free to ask questions...
 
User avatar
Plnt
just joined
Posts: 6
Joined: Thu Jul 16, 2015 2:27 pm
Contact:

Re: rsa key support in ssh?

Fri Sep 11, 2015 5:53 pm

This was added recently but I can't find the relevant change log
It was added in RouterOS 6.31.
*) ssh - use 2048bit RSA host key when strong-crypto enabled
*) ssh - support RSA keys for user authentication
 
User avatar
juanvi
Member Candidate
Member Candidate
Posts: 164
Joined: Mon May 05, 2014 6:55 pm
Location: SPAIN

Re: rsa key support in ssh?

Wed Dec 23, 2015 2:48 pm

Hello,
There is something I'm missing. I need help here please.

I use puttygen 0.66 for creating a pair of RSA 2048 keys.
I upload public one to router with name mykey.pub
Create user test

When I try to import:
[user@router] > user ssh-keys import public-key-file=mykey.pub user=test

Always receiving this answer:
unable to load key file (incorrect passphrase?) !

What can be wrong??? It seems very simple and I cant' import!!!
¡vʞvdnX puv ···SOɹǝʇnoɹ ʞıʇoɹʞıW oʇ sʞuvHʇ
 
gtj
Member Candidate
Member Candidate
Posts: 121
Joined: Thu Apr 30, 2015 2:52 am
Location: Colorado US

Re: rsa key support in ssh?

Wed Dec 23, 2015 4:54 pm

Do you have strong crypto enabled?
/ip ssh set strong-crypto=yes
 
User avatar
eworm
Long time Member
Long time Member
Posts: 613
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: rsa key support in ssh?

Wed Dec 23, 2015 9:54 pm

I use puttygen 0.66 for creating a pair of RSA 2048 keys.
I upload public one to router with name mykey.pub
Create user test

When I try to import:
[user@router] > user ssh-keys import public-key-file=mykey.pub user=test
Is the key in correct format? You need an openssh public key file that looks like this:
ssh-rsa AAAAB3NzaC1yc[...]yS6Ukw== username
Manage RouterOS scripts and extend your devices' functionality: RouterOS Scripts
 
User avatar
juanvi
Member Candidate
Member Candidate
Posts: 164
Joined: Mon May 05, 2014 6:55 pm
Location: SPAIN

Re: rsa key support in ssh?

Thu Dec 31, 2015 11:02 am

strong crypto enabled. some tool for generating public openssh key?
¡vʞvdnX puv ···SOɹǝʇnoɹ ʞıʇoɹʞıW oʇ sʞuvHʇ
 
doridian
just joined
Posts: 17
Joined: Mon Jan 20, 2014 3:08 pm

Re: rsa key support in ssh?

Thu Dec 31, 2015 11:27 am

strong crypto enabled. some tool for generating public openssh key?
In puttygen you have a field for the public key ("to paste in authorized_keys"). You take the entire contents of that field, paste them in a file and then put that on the router and import it.
See link: http://blog.muhammada.li/wp-content/upl ... led500.png
 
User avatar
spippan
Member Candidate
Member Candidate
Posts: 100
Joined: Wed Nov 12, 2014 1:00 pm

Re: rsa key support in ssh?

Tue Jan 05, 2016 12:36 pm

Hello,
There is something I'm missing. I need help here please.

I use puttygen 0.66 for creating a pair of RSA 2048 keys.
I upload public one to router with name mykey.pub
Create user test

When I try to import:
[user@router] > user ssh-keys import public-key-file=mykey.pub user=test

Always receiving this answer:
unable to load key file (incorrect passphrase?) !

What can be wrong??? It seems very simple and I cant' import!!!
did you import you "mykey.pub" for your testuser?
 [admin@MikroTik] > user ssh-keys import user=test public-key-file=mykey.pub 
---
raiffeisen data center infrastructure and security
...stay curious
 
User avatar
juanvi
Member Candidate
Member Candidate
Posts: 164
Joined: Mon May 05, 2014 6:55 pm
Location: SPAIN

Re: rsa key support in ssh?

Tue Jan 05, 2016 2:50 pm

Yes. I tried this too and does not work. Any ideas. Thanks for your help
¡vʞvdnX puv ···SOɹǝʇnoɹ ʞıʇoɹʞıW oʇ sʞuvHʇ
 
gtj
Member Candidate
Member Candidate
Posts: 121
Joined: Thu Apr 30, 2015 2:52 am
Location: Colorado US

Re: rsa key support in ssh?

Tue Jan 05, 2016 7:25 pm

Exactly what puttygen commands are you running? It should be something like...
### generate the private key
# puttygen -t rsa -b 2048 -O private-openssh -o mykey
++++++++++++++++++++++++
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++
Enter passphrase to save key: <cr>
Re-enter passphrase to verify:  <cr>
### Export the public key
# puttygen mykey -O public-openssh -o mykey.pub
Then upload mykey.pub.

I just tried this on one of my test routers and it worked fine.
Also, what version of RouterOS are you ruinning?
 
User avatar
tomasi
Frequent Visitor
Frequent Visitor
Posts: 80
Joined: Fri Oct 03, 2014 6:40 pm
Location: Brazil
Contact:

Re: rsa key support in ssh?

Fri May 27, 2016 9:50 pm

It seems these steps worked for me:

1. Open PuTTy Key Generator;
2. Select SSH-2 RSA 2048 bits;
3. Click "Generate";

4. Move mouse pointer a lot inside blank area to create strong crypto;
5. Right-click "ssh-rsa AAAA...", click on "Select All", copy and paste in Notepad;
6. Save file as SSH.txt;
7. Save public key button - I've tried to use this key to associate with a user, It didn't work (this key will be not used in this scenario);
8. Save private key (SSH.ppk) - it will be used in PuTTY later, without password (I don't know if this is a good idea);
9. Open winbox, menu "Files", drag and drop SSH.txt inside the content;
10. Menu System > Users > SSH Keys

11. Click Button "Import SSH Key";
12. Associate a user with the key file SSH.txt;

13. Open PuTTY;
14. Click on Connection > Data, fill "Auto-login username" with previous user associated with the SSH.txt;
15. Click on Connection > SSH > Auth, click on "Browse" and search for the SSH.ppk private key;

16. Click on Session, select "connection type: SSH", fill "Host Name (or IP address)" and "port";
17. Give a name on Saved Sessions (maybe SSH + Key), and click on "Save";

18. Click on "Open" and voila, your terminal will be ready to use, without asking username and password;

I DO NOT guarantee any of these instructions, it's only an example that worked for me. Thanks!
 
tknuutil
just joined
Posts: 12
Joined: Tue Apr 02, 2013 2:56 pm

Re: rsa key support in ssh?

Fri Nov 17, 2017 8:56 pm

Thanks,

Based on these hints I overcome this problem.
When making the keys with Puttygen and saving the public key file, it is in wrong format / having additional lines starting: ---- BEGIN SSH2 PUBLIC KEY ----

The trick is to copy the key from the window and store it to a file. Then you get two lines.
ssh-rsa
<<<key on the second line ending like: "== rsa-key-20171117">>>>

pub file like this is good for RouterOS

Who is online

Users browsing this forum: mducharme and 131 guests