Community discussions

MikroTik App
 
ropebih
Member Candidate
Member Candidate
Topic Author
Posts: 110
Joined: Tue May 22, 2007 5:35 pm

SSH client is not working

Tue Apr 08, 2014 11:23 am

SSH client is not working since the 6.8. or 6.9 version. When can we expect fix of this bug?
[admin@xxxxx] > system ssh address=192.168.5.3 user=root

Welcome back!
 
onnoossendrijver
Member
Member
Posts: 424
Joined: Mon Jul 14, 2008 11:10 am
Location: The Netherlands

Re: SSH client is not working

Tue Apr 08, 2014 11:31 am

What's not working?
On 6.11:
 > system ssh address=10.10.10.10 user=blabla
password:
Welcome to Ubuntu 12.04.4 LTS (GNU/Linux 3.2.0-60-generic x86_64)
Linux/network engineer: ITIL, LPI1, CCNA R+S, CCNP R+S, JNCIA, JNCIS-SEC
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6283
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: SSH client is not working

Tue Apr 08, 2014 12:37 pm

as onnoossendrijver kindly pointed out that problem with ssh client are resolved in newer release.
 
ropeba
Member Candidate
Member Candidate
Posts: 220
Joined: Sat Jul 29, 2006 4:13 pm

Re: SSH client is not working

Tue Apr 08, 2014 6:48 pm

How do you explain this?

v6.11
Image

v6.2
Image
 
stavincki1
just joined
Posts: 12
Joined: Thu Jan 09, 2014 1:06 pm

Re: SSH client is not working

Tue Apr 08, 2014 8:11 pm

Definitely something is still not ok with the SSH Client. I can enstablish one connection to a CentOS device and thats it, no more. I have the same issue with several other devices like user ropeba.
 
stavincki1
just joined
Posts: 12
Joined: Thu Jan 09, 2014 1:06 pm

Re: SSH client is not working

Wed Apr 16, 2014 4:44 pm

As i can see the ssh client problem still exists in the 6.12 version. I hope you will fix that very soon.
 
ropeba
Member Candidate
Member Candidate
Posts: 220
Joined: Sat Jul 29, 2006 4:13 pm

Re: SSH client is not working

Wed Apr 16, 2014 5:55 pm

Same here. I urgently need solution for this problem! We use ssh for IPTV service (STB administration). More than 2-3 months we don't have control over users STBs.
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6283
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: SSH client is not working

Thu Apr 17, 2014 11:59 am

enable debug logging for ssh and attempt a connection saving full conversation (preferably on both ends) and send to support@mikrotik.com Other way this thread is quite useless as there is no information of what RouterOS exactly is used, what ssh server it attempted to connect to etc.
 
DjM
Member Candidate
Member Candidate
Posts: 111
Joined: Sun Dec 27, 2009 2:44 pm

Re: SSH client is not working

Mon May 12, 2014 2:15 pm

I have the same issue - connection to some SSH servers is working, to same not. [Ticket#2014051266000668] has been created.
 
DjM
Member Candidate
Member Candidate
Posts: 111
Joined: Sun Dec 27, 2009 2:44 pm

Re: SSH client is not working

Tue May 13, 2014 1:08 pm

My issue with SSH client was solved in ROS 6.13rc23 via [Ticket#2014051266000668]. In case that there will be still an issue with MK SSH client, send output from "debug ssh" on MK side and from SSH server side to support@mikrotik.com, if requested.
 
fxpester
just joined
Posts: 10
Joined: Wed Nov 23, 2011 1:11 pm

Re: SSH client is not working

Sat Jun 10, 2017 10:52 am

just facing the issue with v6.28
 
olegtsss
just joined
Posts: 2
Joined: Thu Jul 18, 2019 3:38 pm

Re: SSH client is not working

Thu Jul 18, 2019 3:50 pm

Hello! I have a new version of Router OS 6.45.1 and I have such problem too.
############################################
user ssh-keys private print
Flags: R - RSA, D - DSA
# USER BITS KEY-OWNER
0 R root 2048 root@185.20.24.56

ip ssh print
forwarding-enabled: both
always-allow-password-login: no
strong-crypto: no
allow-none-crypto: no
host-key-size: 2048

system ssh user=root address=185.20.24.56
Welcome back! --------> don't work!
##############################################
But it's work on other PC:
ssh root@185.20.24.56
All right!)))

Log from 185.20.24.56:
sshd[8968]: error: Received disconnect from 33.23.45.33 port 5152:14: [preauth]
sshd[8968]: Disconnected from 33.23.45.33 port 5152 [preauth]


And if I use ssh-client and password auth,
system ssh user=root address=185.20.24.56
All right too ((((
 
olegtsss
just joined
Posts: 2
Joined: Thu Jul 18, 2019 3:38 pm

Re: SSH client is not working

Thu Jul 18, 2019 7:41 pm

It's MikroTik's log (ssh debug):
22:34:28 ssh,debug ssh: auth methods: publickey
22:34:28 ssh,debug ssh: unknown auth method: publickey
22:34:28 ssh,debug ssh: code 0x0300000e closing..
 
nbctcp
Frequent Visitor
Frequent Visitor
Posts: 52
Joined: Tue Sep 16, 2014 7:32 pm

Re: SSH client is not working

Tue Jun 30, 2020 7:41 am

SSH client is not working since the 6.8. or 6.9 version. When can we expect fix of this bug?
[admin@xxxxx] > system ssh address=192.168.5.3 user=root

Welcome back!
I encounter the same problem with RB951 6.47
but no problem with ssh client from Basebox2 6.47 (I can see login prompt)
Both mikrotik connect to the same server
?
1. how to reinstall ssh client in RB951 6.47
tq

UPDATE1:
doing this will fix the problem
/ip ssh set strong-crypto=no
 
gregory20
just joined
Posts: 1
Joined: Tue Jun 30, 2020 9:26 am

Re: SSH client is not working

Tue Jun 30, 2020 9:32 am

I also encountered with same problem on RB951 6.47. Searching for solution -_-
 
sindy
Forum Guru
Forum Guru
Posts: 5400
Joined: Mon Dec 04, 2017 9:19 pm

Re: SSH client is not working

Tue Jun 30, 2020 11:35 am

doing this will fix the problem
/ip ssh set strong-crypto=no
This is not a fix, this is a workaround - the server only supports ciphers which are currently considered weak.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
nbctcp
Frequent Visitor
Frequent Visitor
Posts: 52
Joined: Tue Sep 16, 2014 7:32 pm

Re: SSH client is not working

Tue Jun 30, 2020 12:14 pm

doing this will fix the problem
/ip ssh set strong-crypto=no
This is not a fix, this is a workaround - the server only supports ciphers which are currently considered weak.
What you said is true.
1. either change target ssh server to use stronger cipher or
2. set ssh client to use weaker cipher

Unfortunately, I have to use OPTION1 because target ssh server is CambumNetworks ePMP1000 Hotspot with latest 2019 firmware but EOL already
If I found on how to set it with stronger cipher. I'll update here

ePMP1000-CC0989(config)# show config
!
management user admin password $crypt$1$R23rqOwQ84Z0PrDyhaBTH6MR5E5TtS1k
no management http
no management telnet
management ssh
management cambium-remote
management cambium-remote url https://cloud.cambiumnetworks.com
management cambium-remote validate-server-cert
management https
led
no poe-out
country-code CN
placement outdoor
!
wireless radio 1
no shutdown
channel auto
channel-width 20
channel-list all-channels
data-rate unicast 1b 2b 5.5b 11b 12 18 24 36 48 54
data-rate non-unicast highest-basic
power 25
airtime-fairness
auto-channel-select on-startup
antenna-gain 5
beacon-interval 100
no dynamic-channel-selection
enhanced-roaming
auto-rf chan-hold-time 120
!
wireless wlan 1
ssid id
no shutdown
vlan 1
security wpa2-psk
passphrase $crypt$1$1ihCmIf8rfqsV62rdhJy5QjIqMFuSlVu
dtim-interval 1
max-associated-client 127
client-isolation
drop-multicast-traffic
mac-authentication policy deny
no guest-access
!
interface eth 1
switchport mode trunk
switchport trunk native vlan 1
switchport trunk allowed vlan 1-20
!
interface eth 2
switchport mode access
switchport access vlan 1
!
interface vlan 1
management-access all
ip address zeroconf
ip address 192.168.88.222 255.255.255.0
!
ntp server pool.ntp.org
ip route default 192.168.88.1
ip name-server 1.1.1.1
ip name-server 9.9.9.9
timezone Asia/Jakarta
hostname ePMP1000-CC0989
firewall dos-protection ip-spoof
firewall dos-protection ip-spoof-log
firewall dos-protection smurf-attack
firewall dos-protection icmp-frag
no wifiperf
 
sindy
Forum Guru
Forum Guru
Posts: 5400
Joined: Mon Dec 04, 2017 9:19 pm

Re: SSH client is not working

Tue Jun 30, 2020 12:41 pm

2. set ssh client to use weaker cipher
The unfortunate point is that the /ip ssh strong-crypto setting is common for both server and client, so once you permit weak algorithms to be able to connect to an old server, it is also possible to connect using weak ciphers to your Tik until you switch it back. Some time ago I've asked Mikrotik support for a parameter of the client so that you could disable strong crypto for a single login and they've promised to consider that, but so far nothing has happened.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.

Who is online

Users browsing this forum: Bing [Bot], Google [Bot] and 140 guests