I want to connect to a linux (debian) server to run a command there. The connection has to be initiated in a script on the Mikrotik (RouterOS v6.45.1) router. Thus, I need ssh-exec and have to use keys to ssh into the server. As far as I understood, I need to generate private and public keys on my destination host and import them (or only the private one?) to the client (Mikrotik) where I want to initiate the connection from. However, I can't import the keys in the first place. I have enabled strong-crypto using
And for the keys:
/ip ssh set strong-crypto=yes
For the passphrase I just hit enter. Then, I appended the key to the locally authorized:
user@server:~/.ssh$ ssh-keygen -t rsa -f server
and copied the files to the router:
user@server:~/.ssh$ cat server.pub >> authorized_keys
Then, I sshed into the router and tried to import the keys:
user@server:~/.ssh$ scp server* admin@router:/flash/
user@server:~/.ssh$ ssh admin@router [admin@router] > /user ssh-keys private import user="admin" public-key-file=flash/server.pub private-key-file=flash/server passphrase="" unable to load key file (incorrect passphrase?)!
input does not match any value of private-key-file
The server-file has the format
and the server.pub looks like
-----BEGIN OPENSSH PRIVATE KEY----- key.... -----END OPENSSH PRIVATE KEY-----
ssh-rsa AAA......hd6 user@server
What am I doing wrong? I also tried to leave out the passphrase and just hit enter when asked on import. Also generating keys with a passphrase and entering it does not work. I also tried to generate the keys with puttygen, this gives me a (wrong format) error. I also modified the keys according to viewtopic.php?t=48693. But with the same results.
Can someone tell me the steps to properly import the keys? Am I on the right path, anyway? Because according to http://www.linuxproblem.org/art_9.html, it seems like I'm interchanging the roles of router (A) and server (B). However, following https://wiki.mikrotik.com/wiki/Use_SSH_ ... o_RouterOS is my approach above, isn't? basically, it's like in viewtopic.php?t=128887#p633303 but from RouterOS to host, not RouterOS to RouterOS.
Thanks a lot
PS: When I add the server.pub in System -> Users-> SSH keys, I can login from the server to the router without a password by
. But I need it the other way round.
user@server:~/.ssh$ ssh -i server admin@router