Community discussions

MikroTik App
 
texmeshtexas
Member Candidate
Member Candidate
Topic Author
Posts: 151
Joined: Sat Oct 11, 2008 11:17 pm

SSH key import on V7.3.1

Sun Jul 10, 2022 10:23 pm

I use a rsa key generated on my remote server that I have my Mikrotik devices log into.
I import the public/private RSA key pair as described in this wiki

https://wiki.mikrotik.com/wiki/Use_SSH_ ... _key_login

in V6 the key format must be PEM but in V7 I get an error that the format is not allowed.

Is V7 not ready for this yet?
 
guipoletto
Member Candidate
Member Candidate
Posts: 195
Joined: Mon Sep 19, 2011 5:31 am

Re: SSH key import on V7.3.1

Sun Jul 10, 2022 11:47 pm

7.3.1 has a known bug when importing SSH keys

try 7.4.RC2, it should be fixed
 
texmeshtexas
Member Candidate
Member Candidate
Topic Author
Posts: 151
Joined: Sat Oct 11, 2008 11:17 pm

Re: SSH key import on V7.3.1

Wed Jul 13, 2022 4:50 am

7.4RC2 not working either
 
MultiTricker
just joined
Posts: 10
Joined: Fri Mar 09, 2012 10:17 am
Location: Czech republic
Contact:

Re: SSH key import on V7.3.1

Wed Aug 31, 2022 12:53 pm

I'm having same problem on both 7.4.1 and even 7.5rc2 when importing public key:

/user ssh-keys import public-key-file=id_dsa.pub user=admin
unable to load key file (wrong format or bad passphrase)!

I don't know what is wrong, it was working great so far on old ROS.
 
User avatar
osc86
Member Candidate
Member Candidate
Posts: 197
Joined: Wed Aug 09, 2017 1:15 pm

Re: SSH key import on V7.3.1

Wed Aug 31, 2022 1:46 pm

DES and RSA1 keys are deprecated, ECDSA and ED25519 are not yet supported in ROS, your keypair needs to be RSA2.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: SSH key import on V7.3.1

Wed Aug 31, 2022 1:50 pm

What's new in 7.5 (2022-Aug-30 12:25):

*) ssh - added AES support for PEM decryption;
*) ssh - fixed importing of public keys;
*) ssh - fixed minor typo issue when importing public key;
 
MultiTricker
just joined
Posts: 10
Joined: Fri Mar 09, 2012 10:17 am
Location: Czech republic
Contact:

Re: SSH key import on V7.3.1

Wed Aug 31, 2022 4:06 pm

rextended - thank you for pointing that out, but 7.5rc2 didn't worked for me.

Sooo... downgraded to 6.49.6 - key imported successfully. I can log in with key.
Upgraded to 7.5 - cannot login with key. I try to import the key and got again:
unable to load key file (wrong format or bad passphrase)!

I might have deprecated keypair type, my key starts with "ssh-dss", but import is working in 7.1. That brings me to changelog and I have found in 7.3:
*) ssh - removed DSA public key authentication support;

So this is it. Damn. Not only marked as deprecated, but already removed.

Thank you for help!
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: SSH key import on V7.3.1

Wed Aug 31, 2022 4:45 pm

¯\_( ͡° ͜ʖ ͡°)_/¯
 
User avatar
kehrlein
newbie
Posts: 48
Joined: Tue Jul 09, 2019 1:35 am

Re: SSH key import on V7.3.1

Sun Dec 11, 2022 2:14 pm

Guys, do you have newer information about the support of ECDSA keys in ROS 7?
 
RcRaCk2k
Member Candidate
Member Candidate
Posts: 115
Joined: Mon May 07, 2012 10:40 pm

Re: SSH key import on V7.3.1

Sat Mar 11, 2023 8:18 pm

Also discovering the same issue.
This is unbelievable.

Running v7.8

Now i have changed to RSA, the import will work, but the login fails:
root@trafficgrapher:~/bin/auth# ssh -v -i /root/bin/auth/remote-access_new.rsa remote-user@172.16.15.240
OpenSSH_8.4p1 Debian-5+deb11u1, OpenSSL 1.1.1n  15 Mar 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to 172.16.15.240 [172.16.15.240] port 22.
debug1: Connection established.
debug1: identity file /root/bin/auth/remote-access_new.rsa type 0
debug1: identity file /root/bin/auth/remote-access_new.rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u1
debug1: Remote protocol version 2.0, remote software version ROSSSH
debug1: no match: ROSSSH
debug1: Authenticating to 172.16.15.240:22 as 'remote-user'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: rsa-sha2-256
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:Syg06JqvjjCag0cFLhs7kY0DrOwS9ySK/TMfAoqsVfA
debug1: Host '172.16.15.240' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:3
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 4294967296 blocks
debug1: Will attempt key: /root/bin/auth/remote-access_new.rsa RSA SHA256:uns4aVGOG3axgzyOaIIXS5WSGR8Dy7vsLRCE4qt9JRo explicit
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,ssh-rsa>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /root/bin/auth/remote-access_new.rsa RSA SHA256:uns4aVGOG3axgzyOaIIXS5WSGR8Dy7vsLRCE4qt9JRo explicit
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
remote-user@172.16.15.240's password

Who is online

Users browsing this forum: Amazon [Bot], bpwl, ips, mkx and 71 guests