Community discussions

MikroTik App
 
jaxbluesbass
just joined
Topic Author
Posts: 10
Joined: Mon Dec 05, 2022 3:24 pm

info related secure access over Mikrotik

Mon Dec 05, 2022 3:36 pm

Hi all, I'm new to the forum and I hope I posted in the correct section.

I would like to understand if there is the possibility to access Mikrotik with a certificate or with a key.

the situation is that:

to give us technicians a certificate and log into the routers only with the certificate using the web interface or the winbox interface.
it's possible?

regards and thks
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3169
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: info related secure access over Mikrotik

Wed Dec 28, 2022 9:18 pm

I would like to understand if there is the possibility to access Mikrotik with a certificate or with a key [...] to give us technicians a certificate and log into the routers only with the certificate using the web interface or the winbox interface.
it's possible?
Only SSH has keys, so if you use the CLI, pretty easy. winbox hasn't own protocol that only support username/password. And, RouterOS users today cannot be tied to an X.509 client certificate, only SSH keys.

I've actually want to do similar with at least REST/webfig: use an browser-side X.509 client cert that would match a RouterOS user to do HTTPS without needing a password – I put in feature request in on it, but imagine it will be a wait.

There is https://help.mikrotik.com/docs/display/ROS/User+Manager that is a seperate package, might be useful. But also won't help with winbox + 2FA/cert/etc if that's your issue. And winbox is pretty "homegrown", with its own encryption schemes, so I'd image it never support 2FA/cert/etc. And on YouTube MT seems to be pitching SSH and REST.

@jaxbluesbass, I would recommend you write a better, more specific title for your postings next time – it might get more attention... You have a reasonable request here...but the title looks like a spambot

Who is online

Users browsing this forum: No registered users and 12 guests