moshepupkin
just joined
Topic Author
Posts: 7
Joined: Sat May 13, 2023 7:05 pm

logging with ssh public key

Sat May 13, 2023 7:07 pm

I followed the guide here (https://wiki.mikrotik.com/wiki/Use_SSH_ ... key_login) and not only did password-less login not work, but even the password stopped working. Then I removed the key and the password started working again. Ideas?
 
mooteel
just joined
Posts: 2
Joined: Wed Jan 25, 2023 3:24 pm

Re: logging with ssh public key

Wed May 17, 2023 8:21 pm

I'm glad I'm not the only one who noticed this...

RSA private keys used to work fine in 7.8.
It suddenly stopped working at around 7.9beta4 when ed25519 was introduced.
But even keys with ed25519 don't work now.

I guess something got broken with the new ssh code.
Unless something changed in the way we should import the keys in RouterOS and the manual doesn't reflect this.

Just weird...
 
serkamil
just joined
Posts: 7
Joined: Wed Jun 01, 2016 5:25 pm

Re: logging with ssh public key

Mon May 29, 2023 11:46 am

Hello,

I also have a problem with login by SSH public key.
[geadmin@rtr.lesko-ing.com.pl] > /system/ssh-exec user=geadmin address=192.168.40.3 command="/system/resource/print" 
failure: authentication failure
With the same key I can log in from Linux without any problem.

So the problem exists between Mikrotik and Mikrotik.

Can anyone also confirm this issue?
 
mkx
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: logging with ssh public key

Mon May 29, 2023 3:28 pm

General observation: on 7.9.1 importing an RSA public key works as it used to. It's nice to have a backup way of logging into the device after the public key is imported ... one way is using winbox (if that's not blocked), another way is to set /ip/ssh/set always-allow-password-login=yes ... if it's left at the default (which is "no"), then users with a public key imported can't log in using a password anymore. This setting can be reverted to "no" after password-less login is tested to work.
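
The staged rollout described in the post above, written out as RouterOS commands. This is an added example, not part of mkx's post; the user name adminssh and the file names key and key.pub are borrowed from a later post in this thread, and <router-address> is a placeholder.

```routeros
# Added example. Assumes key.pub has already been uploaded to the router
# and that the user "adminssh" exists.

# 1. Keep password login available for users that have a public key,
#    so a failed key login cannot lock the account out of SSH.
/ip/ssh/set always-allow-password-login=yes

# 2. Import the public key for the user.
/user/ssh-keys/import user=adminssh public-key-file=key.pub

# 3. Confirm the key is listed and check the current SSH settings.
/user/ssh-keys/print
/ip/ssh/print

# 4. Test from an OpenSSH client with password authentication disabled on
#    the client side. While the fallback from step 1 is on, a plain "ssh"
#    could succeed with the password and hide a broken key login.
#    Run on the client, not on the router:
#      ssh -i key -o IdentitiesOnly=yes -o PreferredAuthentications=publickey \
#          -o PasswordAuthentication=no adminssh@<router-address> /system/resource/print

# 5. Only after step 4 succeeds, return to the default so accounts with an
#    imported key no longer accept a password over SSH.
/ip/ssh/set always-allow-password-login=no
```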
 
teleport
newbie
Posts: 43
Joined: Mon Sep 07, 2020 11:51 pm

Re: logging with ssh public key

Fri Jun 02, 2023 1:46 pm

serkamil wrote:
> Hello,
>
> I also have a problem with login by SSH public key.
> [geadmin@rtr.lesko-ing.com.pl] > /system/ssh-exec user=geadmin address=192.168.40.3 command="/system/resource/print"
> failure: authentication failure
> With the same key I can log in from Linux without any problem.
>
> So the problem exists between Mikrotik and Mikrotik.
>
> Can anyone also confirm this issue?

I can confirm that this is an issue. I used a script to reboot Unifi AP every week and now the Unifi AP has uptime of 53 days. Clearly a bug that was introduced in last 1.5 months. Have created SUP-118158 support ticket. Please create one to bring it to Mikrotik attention apart from putting it in forum.
 
fragtion
Member Candidate
Posts: 257
Joined: Fri Nov 13, 2009 10:08 pm
Location: Johannesburg, South Africa

Re: logging with ssh public key

Fri Jun 09, 2023 3:51 pm

I have the same problem with Mikrotik to Mikrotik ssh-key based authentication. It asks for password and says authentication failure. Keys were imported correctly as per wiki.
 
matiss
MikroTik Support
Posts: 24
Joined: Fri Dec 30, 2016 10:13 am

Re: logging with ssh public key

Fri Jun 09, 2023 4:03 pm

The issue has been identified, and we look forward to fixing it on upcoming RouterOS versions
 
teleport
newbie
Posts: 43
Joined: Mon Sep 07, 2020 11:51 pm

Re: logging with ssh public key

Thu Jun 15, 2023 3:30 am

matiss wrote:
> The issue has been identified, and we look forward to fixing it on upcoming RouterOS versions

Above is not fixed in 7.10rc6 (where it is mentioned as fixed). Still get same 'authentication failure' when accessing remote SSH host as ssh-exec and 'welcome back' message as ssh.
Works fine when tried from Linux client.
This used to work fine before 7.9 and now has suddenly stopped working.
 
fragtion
Member Candidate
Posts: 257
Joined: Fri Nov 13, 2009 10:08 pm
Location: Johannesburg, South Africa

Re: logging with ssh public key

Thu Jun 15, 2023 2:08 pm

What's new in 7.10rc6 (2023-Jun-13 10:52):

*) ssh - fixed RouterOS SSH client login when using a key (introduced in v7.9);

This seemed to be fixed at first, but if you import both the private and public key on both routers, then the authentication still fails, e.g.:

Execute on R1:
/user/add group=full name=adminssh
/user/ssh-keys/private/import user=adminssh private-key-file=key

Execute on R2:
/user/add group=full name=adminssh
/user/ssh-keys/import user=adminssh public-key-file=key.pub

R1 could connect to R2.

However:

Executing this on *both* R1 and R2 (so they can both connect to each other):
/user/add group=full name=adminssh
/user/ssh-keys/private/import user=adminssh private-key-file=key
/user/ssh-keys/import user=adminssh public-key-file=key.pub

Now R1 can't connect to R2, and R2 can't connect to R1.

It seems to break when you add the same private key to the second router. What's even more strange is that when you then remove the private key to make it like it was before when it worked, it still doesn't work and you need to start all over.
 
teleport
newbie
Posts: 43
Joined: Mon Sep 07, 2020 11:51 pm

Re: logging with ssh public key

Thu Jun 15, 2023 10:59 pm

matiss wrote:
> The issue has been identified, and we look forward to fixing it on upcoming RouterOS versions

teleport wrote:
> Above is not fixed in 7.10rc6 (where it is mentioned as fixed). Still get same 'authentication failure' when accessing remote SSH host as ssh-exec and 'welcome back' message as ssh.
> Works fine when tried from Linux client.
> This used to work fine before 7.9 and now has suddenly stopped working.

With below steps, the issue is resolved:

remove private (on RouterOS) and public (on the remote host) keys;
downgrade RouterOS to version 7.8;
Export RouterOS SSH keys;
import new private key in RouterOS, the public key in the remote host;
check if ssh-exec to the remote host works;
upgrade RouterOS to version 7.10 and check if ssh-exec to the remote host works.
 
mooteel
just joined
Posts: 2
Joined: Wed Jan 25, 2023 3:24 pm

Re: logging with ssh public key

Wed Aug 09, 2023 7:18 pm

matiss wrote:
> The issue has been identified, and we look forward to fixing it on upcoming RouterOS versions

Quick update:
Just tried quickly on 7.11 beta and rc builds and it indeed appears to be fixed!
Good work! :D
