pythoner6
just joined
Topic Author
Posts: 4
Joined: Sat Nov 12, 2022 5:14 am

Certificate Based SSH

Sat Nov 12, 2022 5:34 am

I just acquired a CRS328-24P-4S+RM, and I have been trying to figure out if there is any way to configure ssh to use certificates, both for the host key and to add a trusted user CA. It doesn't seem like there's a way to do this; am I missing anything? I was very disappointed upon receiving the switch to realize that, unlike the other managed switches I've used where I had standard shell access on ssh, on RouterOS I only get a limited non-standard shell.
 
BartoszP
Forum Guru
Posts: 2855
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: Certificate Based SSH

Sat Nov 12, 2022 9:48 am

> standard shell access on ssh, on RouterOS I only get a limited non-standard shell

What is "standard" and what is "limited"? Can you explain?
 
pythoner6
just joined
Topic Author
Posts: 4
Joined: Sat Nov 12, 2022 5:14 am

Re: Certificate Based SSH

Wed Nov 16, 2022 5:59 am

> > standard shell access on ssh, on RouterOS I only get a limited non-standard shell
>
> What is "standard" and what is "limited"? Can you explain?

Ah, looking back at that, I maybe wrote that a bit strongly, when I was frustrated. However, to be clear about what I mean, I'm used to ssh'ing into devices (even network devices) and getting a normal Linux shell (e.g. bash, dash, etc).
 
mkx
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: Certificate Based SSH

Wed Nov 16, 2022 8:58 am

In that sense, RouterOS only provides a "limited" shell. Syntax aside, it allows you to set each and every feature your device can perform under ROS, so functionality-wise it's a "power-user" shell. The nicest thing about the CLI, loved by many MikroTik aficionados, is that it follows the same principles as the GUI. Which means that (working) CLI examples for configuring a device are easily followed in any of the GUIs (winbox and webfig). And I, as an example of the before-mentioned aficionados, certainly hope this CLI stays.

So the only practical difference between a "full shell" and MT's "limited" shell is that in MT the CLI is directly invoked after logging in, whereas elsewhere one has to run it manually. As to access to configuration files: there are many different syntaxes and learning all of them isn't trivial either. So it's often easy to get something wrong, and that's another possibility to break things (not that this is impossible with MT's CLI).
