Community discussions

MUM Europe 2020
 
ners
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 99
Joined: Tue Mar 12, 2013 4:30 pm

How to display Mikrotik's SSH keys fingerprint.

Tue Feb 24, 2015 2:46 pm

How do I check Mikrotik's SSH keys fingerprint in the RouterOS CLI?
 
jmi2
just joined
Posts: 9
Joined: Mon Feb 05, 2018 11:41 am

Re: How to display Mikrotik's SSH keys fingerprint.

Mon Sep 10, 2018 9:59 am

would also like to know, as atm i have SSH warning when connecting to mikrotiks, which i updated to 6.42.7.
"WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!".

But cannot really find it, and also google is not helpful so far.
I even tried to regenerate new one on MK, but it also doens't print out fingerprint.
Probably i would have to export them and calculate fingerprint...

Would be really great if fingerprint of internal ssh key is viewable.
 
NetWorker
Frequent Visitor
Frequent Visitor
Posts: 77
Joined: Sun Jan 31, 2010 6:55 pm

Re: How to display Mikrotik's SSH keys fingerprint.

Wed Sep 11, 2019 5:33 pm

So far in the last 10 years using Mikrotiks I've always been positive about which device I was connecting to. Therefore I've never bothered to check the fingerprint. Today for the first time I'm going through another company's network rather than our own and I'm not 100% sure if I'm reaching our device or one of their's. After checking for the last 25 minutes every possible menu option I've been unable to view the fingerprint. Short of exporting and downloading over a different connection, is there any other way to view the fingerprint to compare it to the one the terminal is throwing upon connection? Device is in a remote location and I'm not loving the idea of downloading the keys...
 
PiGeonCZ
just joined
Posts: 4
Joined: Sat Jan 28, 2017 12:43 pm

Re: How to display Mikrotik's SSH keys fingerprint.

Sun Dec 08, 2019 1:14 pm

I wasn't able to find it either and I guess this would also help the security a lot, so I am voting for an option to print out the fingerprint of the current host key

thanks
 
tinag
just joined
Posts: 1
Joined: Thu Dec 19, 2019 11:41 am

Re: How to display Mikrotik's SSH keys fingerprint.

Thu Dec 19, 2019 12:18 pm

you should ALWAYS check the fingerprint of the host before logging in via ssh, you never know if there is currently a MITM attack going on. after the first login, your ssh-client can do the fingerprint check automatically and warn you if it ever changes (if it changes, somethig suspicious is going on).

i don't know about the security mechanisms in Winbox itself. probably it's best if you connect only your Winbox-Machine and your Router, disconnect all other network interfaces

So this is how i did it

Winbox->New Terminal
/ip ssh set strong-crypto=yes
/ip ssh export-host-key
use key-file-prefix: test

Winbox->Files
download the test_rsa.pub to your Desktop (like C:\Users\test-user\Desktop)
then delete the test_* files (test_dsa, test_dsa.pub, test_rsa, test_rsa.pub)

Debian on Windows
apt-get install openssh-client
ssh-keygen -f /mnt/c/Users/test-user/Desktop/test_rsa.pub -i -m PKCS8 | ssh-keygen -l -f - -E md5
first ssh-keygen command converts the test_rsa.pub to PKCS8-Format which we pipe to ssh-keygen to show us the fingerprint.
i used Debian on Windows (https://wiki.debian.org/InstallingDebia ... emForLinux) you could also copy the file to a real debian or another linux (probably there is also some ssh-keygen version for windows available - however, i use debian on windows).


then you'll get the MD5 style fingerprint which you use to verify that your putty really connects to the wanted ssh host.

Who is online

Users browsing this forum: Google [Bot], SiB and 82 guests