Community discussions

MikroTik App
 
th0massin0
Member Candidate
Member Candidate
Topic Author
Posts: 156
Joined: Sun May 11, 2014 4:16 am
Location: Poland

Feature Request: Ed25519 SSH keys

Tue Jun 07, 2016 1:20 pm

As in subject, everybody will sleep better if the support of Ed25519 keys will be available in ROS7 (or 6!)
 
azol
just joined
Posts: 4
Joined: Thu Sep 28, 2017 5:06 pm

Re: Feature Request: Ed25519 SSH keys

Tue Oct 03, 2017 6:18 pm

agree, +1
 
WzL
just joined
Posts: 9
Joined: Tue Dec 02, 2014 4:00 pm

Re: Feature Request: Ed25519 SSH keys

Thu Nov 16, 2017 10:24 pm

+1, this feature is much missed here!
 
User avatar
Anastasia
Frequent Visitor
Frequent Visitor
Posts: 55
Joined: Wed Oct 28, 2015 7:12 pm

Re: Feature Request: Ed25519 SSH keys

Mon Jan 28, 2019 3:06 pm

+1 add support Ed25519.
 
cypa
newbie
Posts: 25
Joined: Mon Apr 01, 2013 11:20 am

Re: Feature Request: Ed25519 SSH keys

Mon Mar 23, 2020 1:34 pm

+1 we need this!!!
 
msatter
Forum Guru
Forum Guru
Posts: 2897
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: Feature Request: Ed25519 SSH keys

Mon Mar 23, 2020 1:47 pm

 
cypa
newbie
Posts: 25
Joined: Mon Apr 01, 2013 11:20 am

Re: Feature Request: Ed25519 SSH keys

Mon Mar 23, 2020 1:58 pm

OK could you please hint what do I do wrong?
[cypa@hAP.k16] > user ssh-keys import public-key-file=id_ed25519.pub 
unable to load key file (wrong format?) !
[cypa@hAP.k16] > system resource print 
                   uptime: 56m26s
                  version: 6.46.4 (stable)
               build-time: Feb/21/2020 11:26:37
         factory-software: 6.34.2
              free-memory: 6.4MiB
             total-memory: 32.0MiB
                      cpu: MIPS 24Kc V7.4
                cpu-count: 1
            cpu-frequency: 650MHz
                 cpu-load: 7%
           free-hdd-space: 7.7MiB
          total-hdd-space: 16.0MiB
  write-sect-since-reboot: 115
         write-sect-total: 30299
               bad-blocks: 0%
        architecture-name: smips
               board-name: hAP lite
                 platform: MikroTik
[cypa@hAP.k16] >
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: Feature Request: Ed25519 SSH keys

Mon Mar 23, 2020 3:24 pm

Nothing wrong, ed25519 is not supported.
 
VVL
just joined
Posts: 1
Joined: Thu Sep 03, 2020 1:48 am

Re: Feature Request: Ed25519 SSH keys

Thu Sep 03, 2020 1:53 am

Nothing wrong, ed25519 is not supported.
In 7.1beta2 wireguard protocol was added. It use ed25519 as one of algorithm. Maybe it possible to add ssh support of this algo too?
 
Markg23
just joined
Posts: 5
Joined: Sun Oct 25, 2020 8:44 am
Location: Spain

Re: Feature Request: Ed25519 SSH keys

Tue Dec 08, 2020 1:39 pm

+1 It would be great if RouterOS support ssh Ed25519 keys
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: Feature Request: Ed25519 SSH keys

Tue Dec 08, 2020 9:05 pm

In 7.1beta2 wireguard protocol was added. It use ed25519 as one of algorithm. Maybe it possible to add ssh support of this algo too?

wireguard and ssh don't necessarily share encryption libraries so support for certain key types in one of these services doesn't mean support for same key type in the other service. However the trend in IT is to re-use things and hopefully wireguard and ssh will share encryption library ... not only to provide same level of support for key types but to reduce size of install as well.
 
akschu
Frequent Visitor
Frequent Visitor
Posts: 57
Joined: Thu Mar 15, 2012 2:09 am

Re: Feature Request: Ed25519 SSH keys

Tue Jun 22, 2021 9:55 pm

Please! I'm deploying cert based auth and this is needed.
 
User avatar
Paradox
just joined
Posts: 20
Joined: Fri Oct 15, 2021 3:50 pm

Re: Feature Request: Ed25519 SSH keys

Fri Oct 15, 2021 3:53 pm

Hi,

I'd like to use Ed25519 SSH keys, too. I do not use any other key formats anymore.

Please add it!
 
yottabit
Member Candidate
Member Candidate
Posts: 198
Joined: Thu Feb 21, 2013 5:56 am

Re: Feature Request: Ed25519 SSH keys

Thu Nov 25, 2021 5:51 pm

6.49.1 here and still no support for ed25519 keys. As I can no longer use sha-1 RSA keys, I would like to use the currently most secure format and not manage so many different keys just because a vendor refuses to update security to the best practices.

Can we get ed25519 support in v6 please??

Edit: I can't even get ecdsa to import, sigh.

Edit 2: workaround for now is to use rsa-sha2-256, which is still not as secure as ed25519 but it's the best that RouterOS v6 currently supports. To generate this key using openssh:
$ ssh-keygen -t rsa-sha2-256
I'm still going to be maintaining this weaker key for RouterOS only, and an ed25519 key for everything else.
Last edited by yottabit on Thu Nov 25, 2021 6:12 pm, edited 2 times in total.
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: Feature Request: Ed25519 SSH keys

Thu Nov 25, 2021 5:54 pm

I have a support/feature ticket on that topic (SUP-61929). Answer from MikroTik:
Thank you for your feedback. We will consider adding this feature in the future.
That's better than 'No' I guess... So go and place your own issue...
 
yottabit
Member Candidate
Member Candidate
Posts: 198
Joined: Thu Feb 21, 2013 5:56 am

Re: Feature Request: Ed25519 SSH keys

Thu Nov 25, 2021 6:15 pm

Done, SUP-67007.
 
guipoletto
Member Candidate
Member Candidate
Posts: 195
Joined: Mon Sep 19, 2011 5:31 am

Re: Feature Request: Ed25519 SSH keys

Thu Nov 25, 2021 11:20 pm

Done, SUP-67007.
did they offer a timeline?
 
msatter
Forum Guru
Forum Guru
Posts: 2897
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: Feature Request: Ed25519 SSH keys

Thu Nov 25, 2021 11:49 pm

I only know the start of the first request and that was more than 5 years ago.
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: Feature Request: Ed25519 SSH keys

Fri Nov 26, 2021 12:35 am

Timeline? Currently we do not know whether or not we will see this any time soon or at all.
So if you want this... Open your own issue to make Mikrotik aware of the interest.
 
User avatar
osc86
Member Candidate
Member Candidate
Posts: 197
Joined: Wed Aug 09, 2017 1:15 pm

Re: Feature Request: Ed25519 SSH keys

Tue Apr 12, 2022 6:00 pm

It seems we first need support for modern signature algorithms (rsa-sha2-256/512, ssh-ed25519, ecdsa-sha2-nistp256/384/521).
With the release of OpenSSH 9.0, ssh-rsa is officially deprecated and disabled by default, which seems to be the only supported algorithm in RouterOS 6+7 (next to ssh-dss, also deprecated).
Connecting to the router using a rsa key now fails, and adding an exception to allow ssh-rsa again on every machine running openssh 9.0+ is not an option.
 
yottabit
Member Candidate
Member Candidate
Posts: 198
Joined: Thu Feb 21, 2013 5:56 am

Re: Feature Request: Ed25519 SSH keys

Tue Apr 12, 2022 9:17 pm

Done, SUP-67007.
did they offer a timeline?
No. They didn't commit to v6 at all, and just said "shortly" for v7. That was on 2021-12-28. No updates since.
 
User avatar
CarlitoxxPro
newbie
Posts: 35
Joined: Wed Jan 04, 2017 10:15 am
Location: Spain
Contact:

Re: Feature Request: Ed25519 SSH keys

Mon Jun 20, 2022 1:55 pm

+1, this should be a must

@strods, please could you ping internally to the security team and let us know if is in the roadmap and what is the ETA.

Thanks in advance.
 
mikrotip
just joined
Posts: 2
Joined: Sat Sep 10, 2022 3:46 pm

Re: Feature Request: Ed25519 SSH keys

Sat Sep 10, 2022 5:01 pm

What is the problem? 6 years passed. Is there some update about the feature?
 
User avatar
foorschtbar
just joined
Posts: 7
Joined: Wed Oct 13, 2021 12:41 am

Re: Feature Request: Ed25519 SSH keys

Wed Sep 21, 2022 4:01 pm

I switched to ed25519 and my Mikrotik devices are the only ones that don't support it yet :(
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Feature Request: Ed25519 SSH keys

Wed Sep 21, 2022 4:05 pm

Patience, you don't have to protect the "Deutsche Bank" anyway, right?
 
tangent
Forum Guru
Forum Guru
Posts: 1329
Joined: Thu Jul 01, 2021 3:15 pm
Contact:

Re: Feature Request: Ed25519 SSH keys

Thu Sep 22, 2022 1:15 am

Six years stretches the word “patience” all out of shape.

This in a world where RouterOS has dropped DSA (as it should) leaving only the semi-obsolescent RSA, a tech older than most of the board’s participants, I’d warrant.

It’s past time for this lack to be filled. The option to DIY a fix for ourselves with containers is either unavailable or unpalatable: most devices aren’t ARM, and even with those that are, a scripted bounce thru an OpenSSH container sucks.

Get it done, MikroTik!
 
User avatar
foorschtbar
just joined
Posts: 7
Joined: Wed Oct 13, 2021 12:41 am

Re: Feature Request: Ed25519 SSH keys

Thu Sep 22, 2022 2:13 pm

Patience, you don't have to protect the "Deutsche Bank" anyway, right?
When u today create a new Keypair, why not use ED25519? There more improvements, like the shorter keys, and not only MoRE SEcuRe!!!11elf
 
yottabit
Member Candidate
Member Candidate
Posts: 198
Joined: Thu Feb 21, 2013 5:56 am

Re: Feature Request: Ed25519 SSH keys

Thu Sep 22, 2022 4:38 pm

Most of my ssh hosts won't even accept rsa keys anymore. So I have to maintain ed25519 for them, and a separate rsa key just for the RouterOS hosts. It's very annoying.
 
gazmirb
just joined
Posts: 1
Joined: Sun Jan 22, 2023 1:42 pm

Re: Feature Request: Ed25519 SSH keys

Sun Jan 22, 2023 1:45 pm

either with update 7.7 my mikrotik doesnt support Ed25519 key :?
 
User avatar
shalak
newbie
Posts: 41
Joined: Sat Aug 24, 2019 11:47 am

Re: Feature Request: Ed25519 SSH keys

Sun Jan 22, 2023 9:05 pm

As of the most recent macOS update (Ventura, 13.1), by default it no longer allows RSA to be used for SSH client.

You have to explicitly allow it in SSH config:
Host * 
    PubkeyAcceptedKeyTypes=+ssh-rsa
    HostKeyAlgorithms=+ssh-rsa
Any updates on implementing ed25519?
 
yottabit
Member Candidate
Member Candidate
Posts: 198
Joined: Thu Feb 21, 2013 5:56 am

Re: Feature Request: Ed25519 SSH keys

Sun Jan 22, 2023 9:10 pm

6.5 years since original post. 2 years since they said "shortly" in my ticket. We need a reference for what "shortly" means in this case? Software dev cycles? Human lifespan? Galactic time scale? 😅
 
fmikker
just joined
Posts: 2
Joined: Tue Oct 17, 2017 11:00 pm

Re: Feature Request: Ed25519 SSH keys

Tue Jan 31, 2023 5:04 pm

I'm still waiting too..
 
seb13
just joined
Posts: 10
Joined: Mon Sep 12, 2016 10:11 pm

Re: Feature Request: Ed25519 SSH keys

Thu Feb 02, 2023 5:10 pm

+1!
 
Naoy
just joined
Posts: 1
Joined: Wed Mar 08, 2023 12:13 am

Re: Feature Request: Ed25519 SSH keys

Wed Mar 08, 2023 12:17 am

We're in 2023 and Ed25519, the most used ECDH protocol, is still not supported...
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: Feature Request: Ed25519 SSH keys

Wed Mar 08, 2023 10:13 pm

Perhaps in 7.9beta? *holding thumbs*
 
majestic
Frequent Visitor
Frequent Visitor
Posts: 90
Joined: Mon Dec 05, 2016 11:19 am

Re: Feature Request: Ed25519 SSH keys

Wed Mar 08, 2023 10:46 pm

+1 this should really of been added in many years ago. This should not be too hard to implment.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Feature Request: Ed25519 SSH keys

Wed Mar 08, 2023 11:22 pm

This should not be too hard to implment.
Like count on BGP routes?
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Feature Request: Ed25519 SSH keys

Thu Mar 09, 2023 12:09 am

Reinventing the wheel properly takes time. ;) And they like to do it a lot, example: viewtopic.php?p=965896#p965896
 
JohnConnett
newbie
Posts: 29
Joined: Thu Feb 23, 2023 2:27 pm

Re: Feature Request: Ed25519 SSH keys

Fri Mar 10, 2023 1:10 pm

+1. Really surprised this still isn't supported in 2023!
 
User avatar
Paradox
just joined
Posts: 20
Joined: Fri Oct 15, 2021 3:50 pm

Re: Feature Request: Ed25519 SSH keys

Mon Mar 20, 2023 5:39 pm

I have a support/feature ticket on that topic (SUP-61929).
Also did a feature request...
 
laca77
just joined
Posts: 14
Joined: Wed Jun 03, 2015 11:35 am

Re: Feature Request: Ed25519 SSH keys

Fri Mar 31, 2023 2:57 pm

What's new in 7.9beta4 (2023-Mar-23 15:01):
*) ssh - added Ed25519 host key support;
 
tangent
Forum Guru
Forum Guru
Posts: 1329
Joined: Thu Jul 01, 2021 3:15 pm
Contact:

Re: Feature Request: Ed25519 SSH keys

Fri Mar 31, 2023 5:34 pm

That's only the host key part. It doesn't let you set up pre-shared ed25519 keys per user.

One hopes the latter piece is coming later in the 7.9 beta process.
 
theprojectgroup
Frequent Visitor
Frequent Visitor
Posts: 99
Joined: Tue Feb 21, 2017 11:40 pm

Re: Feature Request: Ed25519 SSH keys

Sat Apr 01, 2023 9:11 pm

+1. Please, still unsupported in 2023?
 
laca77
just joined
Posts: 14
Joined: Wed Jun 03, 2015 11:35 am

Re: Feature Request: Ed25519 SSH keys

Thu Apr 06, 2023 12:35 pm

7.9rc2 changelog:
Changes in this release:

*) ssh - added support for Ed25519 key export and import in PKCS8 format;
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: Feature Request: Ed25519 SSH keys

Thu Apr 06, 2023 5:37 pm

This is still just host key support, not public key authentication.
 
rotor
just joined
Posts: 2
Joined: Mon Jan 23, 2023 10:56 pm

Re: Feature Request: Ed25519 SSH keys

Wed May 03, 2023 12:58 pm

Confirmed it still doesn't import on 7.9.
[admin@MikroTik] > /user/ssh-keys/import public-key-file=id_ed25519.pub user=admin
unable to load key file (wrong format or bad passphrase)!
[admin@MikroTik] > /system/resource/print 
                   uptime: 13h5m31s
                  version: 7.9 (stable)
               build-time: May/02/2023 05:35:06
         factory-software: 6.46.3
              free-memory: 201.8MiB
             total-memory: 256.0MiB
                      cpu: MIPS 1004Kc V2.15
                cpu-count: 4
            cpu-frequency: 880MHz
                 cpu-load: 4%
           free-hdd-space: 4208.0KiB
          total-hdd-space: 16.0MiB
  write-sect-since-reboot: 2563
         write-sect-total: 375345
        architecture-name: mmips
               board-name: hEX
                 platform: MikroTik
[admin@MikroTik] > 
 
infabo
Long time Member
Long time Member
Posts: 585
Joined: Thu Nov 12, 2020 12:07 pm

Re: Feature Request: Ed25519 SSH keys

Wed May 10, 2023 2:41 pm

And now I'd like to use my ED25519-SK token for public key authentication. That's still not possible in ROS 7.9
 
mantouboji
newbie
Posts: 40
Joined: Mon Aug 01, 2022 2:21 pm

Re: Feature Request: Ed25519 SSH keys

Mon May 29, 2023 11:22 am

how long should we wait ?
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Feature Request: Ed25519 SSH keys

Mon May 29, 2023 11:26 am

how long should we wait ?
Until it's finished.
 
lucidnx
just joined
Posts: 15
Joined: Tue Jan 08, 2019 10:17 am

Re: Feature Request: Ed25519 SSH keys

Sat Jun 10, 2023 4:59 pm

I would love ed25519-sk support as well since I am using yubikeys.
 
mantouboji
newbie
Posts: 40
Joined: Mon Aug 01, 2022 2:21 pm

Re: Feature Request: Ed25519 SSH keys

Wed Jul 19, 2023 12:04 pm

How about the progress ?
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: Feature Request: Ed25519 SSH keys

Thu Aug 17, 2023 1:02 pm

Available now in 7.12beta1! 🥳
 
lucidnx
just joined
Posts: 15
Joined: Tue Jan 08, 2019 10:17 am

Re: Feature Request: Ed25519 SSH keys

Wed Oct 18, 2023 2:19 pm

what about ED25519-SK? is this planned?
 
alexunderboots
just joined
Posts: 1
Joined: Thu Nov 02, 2023 3:18 pm

Re: Feature Request: Ed25519 SSH keys

Mon Dec 04, 2023 4:12 pm

7.12.2 steel not work (((((
 
alexdelprete
just joined
Posts: 2
Joined: Sat Mar 18, 2023 4:51 pm

Re: Feature Request: Ed25519 SSH keys

Mon Dec 04, 2023 6:11 pm

Available now in 7.12beta1! 🥳
user ed25519 keys are in 7.12?
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: Feature Request: Ed25519 SSH keys

Mon Dec 04, 2023 7:19 pm

Available now in 7.12beta1! 🥳
user ed25519 keys are in 7.12?
Yes.
 
alexdelprete
just joined
Posts: 2
Joined: Sat Mar 18, 2023 4:51 pm

Re: Feature Request: Ed25519 SSH keys

Mon Dec 04, 2023 10:11 pm



user ed25519 keys are in 7.12?
Yes.
Thank you. I must have missed it in the changelog.
 
Minnesnowta
just joined
Posts: 6
Joined: Sat Oct 11, 2014 8:20 pm

Re: Feature Request: Ed25519 SSH keys

Fri Feb 23, 2024 6:50 am

I'm so glad that I can use a reasonably sized ssh key! Thanks devs!

Who is online

Users browsing this forum: BinaryTB, Bing [Bot], rplant and 71 guests