Community discussions

MikroTik App
 
soltanpour
just joined
Topic Author
Posts: 14
Joined: Thu Apr 06, 2017 5:18 am

MikroTik to MikroTik SSH

Sat Nov 02, 2024 1:02 pm

Hi everyone,
Just trying to do some ssh-exec from one MikroTik to another MikroTik using SSH key and I always get this error "failure: authentication failure".

I have created a RSA key; uploaded both public and private key to local MikroTik and only public key to the remote device. Both devices have the same user with keys bound to them and also both are running 7.16.1 ROS.
I have also unchecked "Always Allow Password Login" from remote device.

Any idea guys?
 
User avatar
patrikg
Member
Member
Posts: 354
Joined: Thu Feb 07, 2013 6:38 pm
Location: Stockholm, Sweden

Re: MikroTik to MikroTik SSH

Sat Nov 02, 2024 6:18 pm

 
soltanpour
just joined
Topic Author
Posts: 14
Joined: Thu Apr 06, 2017 5:18 am

Re: MikroTik to MikroTik SSH

Sat Nov 02, 2024 6:57 pm

Hi Patrikg,
I believe I do; and I'm able to SSH to my device using that private key from Windows or Linux but not from another MikroTik which either asks for password or shows authentication failure.
 
flynno
Member
Member
Posts: 319
Joined: Wed Aug 27, 2014 8:11 pm

Re: MikroTik to MikroTik SSH

Sat Nov 02, 2024 7:34 pm

I had this issue before, cant remember how I solved it,

Go to system > Users > SSH Keys - Import SSH Key

Then

Go to system > Users > SSH Private Keys - Import SSH Private Key
 
soltanpour
just joined
Topic Author
Posts: 14
Joined: Thu Apr 06, 2017 5:18 am

Re: MikroTik to MikroTik SSH

Sat Nov 02, 2024 8:15 pm

I removed all the keys and this time imported RSA keys, generated by PuttyGen; still no success.
 
User avatar
patrikg
Member
Member
Posts: 354
Joined: Thu Feb 07, 2013 6:38 pm
Location: Stockholm, Sweden

Re: MikroTik to MikroTik SSH

Sat Nov 02, 2024 9:06 pm

Using windows i see(yoda), maybe the files are treated different, you may not use the correct end line char then.
puttygen may produce wrong there for Mikrotik Linux way of end lines.

So if you take the file into some editor or use the Linux command dos2unix to convert the files.
You could also test to use the Linux command (ssh-keygen) to create the keys.

It has to do with the public key in the client side (Mikrotik device), because you get it working to connect from the pc with the private key. To the server side.
 
soltanpour
just joined
Topic Author
Posts: 14
Joined: Thu Apr 06, 2017 5:18 am

Re: MikroTik to MikroTik SSH

Sat Nov 02, 2024 9:32 pm

I regenerated the keys using ssh-keygen, no success though.
They newly generated keys work fine for SSH through windows.
 
User avatar
patrikg
Member
Member
Posts: 354
Joined: Thu Feb 07, 2013 6:38 pm
Location: Stockholm, Sweden

Re: MikroTik to MikroTik SSH

Sat Nov 02, 2024 9:45 pm

Have you seen this:

https://youtu.be/8tt7fSvdFRM
 
soltanpour
just joined
Topic Author
Posts: 14
Joined: Thu Apr 06, 2017 5:18 am

Re: MikroTik to MikroTik SSH

Sat Nov 02, 2024 10:17 pm

Yeah, I've watched it.
First, I tried using exported host keys; didn't work.
Then I tried generating keys with "ssh-keygen -t rsa -b 2048" command; didn't work, either.
 
User avatar
patrikg
Member
Member
Posts: 354
Joined: Thu Feb 07, 2013 6:38 pm
Location: Stockholm, Sweden

Re: MikroTik to MikroTik SSH

Sat Nov 02, 2024 10:27 pm

Do you import them into the correct user ?
Or do you only using admin as username.
 
soltanpour
just joined
Topic Author
Posts: 14
Joined: Thu Apr 06, 2017 5:18 am

Re: MikroTik to MikroTik SSH

Sat Nov 02, 2024 10:36 pm

I have created a special group with ssh-read-write as allowed policies.
After that, I created a user and assigned it to this group.
I've bound my keys to this user both on local and remote MikroTik devices.
Also as a test, I tried admin user who has full access for importing keys; but nothing works!
 
User avatar
patrikg
Member
Member
Posts: 354
Joined: Thu Feb 07, 2013 6:38 pm
Location: Stockholm, Sweden

Re: MikroTik to MikroTik SSH

Sat Nov 02, 2024 11:44 pm

Do you self a favor and do it with the KISS method first.
With defaulted devices and only with the admin user.
And after it's working, you do more and hardening your system.

Who is online

Users browsing this forum: No registered users and 13 guests