Community discussions

MikroTik App
 
GiovanniG
Member
Member
Topic Author
Posts: 338
Joined: Sun Nov 15, 2015 4:12 pm

Run a script with external device (but without another platform)

Sat Mar 25, 2023 4:42 pm

Hi, in past I've solved the problem with Node Red, it supports SNMP as well as Mikrotik does, then I run a sript with proper commands. ON NR side I can do everything I want, for example a web page with a big button "activate".

Now my goal is to run a script without another platform, direct to microtik, ok I can use winnbox but I have to navigate inside menus and so on, I would find something easy, for example an app with a button, or an http page with a button, or telegram message, something easy that anyone inside the LAN can do. (I need to refreshe the provider IP adress since somethimes it doesn't work good).

These are my ideas:
A web page: as I know mikrotik can't host a web server or can't get cgi commands, is it right?
A telegram bot: Mikrotik can't subscribe a bot and listen to commands
An app button: I've tried with SNMP but there are ony a couple of free SNMP apps on google play and for some reasons both of them don't work
A Alunchng a command by SSH: do you know if there is any app that can do it by a button?

Thank you fro ideas
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: Run a script with external device (but without another platform)

Sat Mar 25, 2023 4:45 pm

Container, hosted by router itself. You can do almost anything inside a container. IMO it's a bit "heavy iron" just to present users with a big friendly red "activate" button though.
 
tangent
Forum Guru
Forum Guru
Posts: 1329
Joined: Thu Jul 01, 2021 3:15 pm
Contact:

Re: Run a script with external device (but without another platform)

Sat Mar 25, 2023 4:54 pm

command by SSH: do you know if there is any app that can do it by a button?

If it suffices to double-click the icon and wait for it to do its work, with no need any explicit feedback on the command's success or failure, your OS GUI of choice should have a way to launch any SSH command you like.

With SSH keys set up for a user with sufficient power to run the command you need, there isn't any explicit login step. It uses the pre-shared key to log in and execute the command you set up, which would be something like:

ssh my.router.address '/ip/dhcp-client/renew [find]'

If you do need status feedback, then wrapping that in a script written in your programming language of choice would be pretty trivial.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Run a script with external device (but without another platform)

Sat Mar 25, 2023 5:24 pm

In RouterOS you can perform a script action when the user presses a (physical) button on the router. Some routers have 1, others have 2 buttons (and some have none...).
You can even specify how long the button has to be pressed, e.g. when you want to perform a drastic action and do not want it to be accidentally triggered by a user poking the button.
 
optio
Long time Member
Long time Member
Posts: 655
Joined: Mon Dec 26, 2022 2:57 pm

Re: Run a script with external device (but without another platform)

Sat Mar 25, 2023 9:32 pm

If you own MT device with LTE modem you can run scripts over sms: https://wiki.mikrotik.com/wiki/Manual:T ... s#Examples

Since you mentioned cgi, combining mkx and tangent answers - container running apache httpd https://hub.docker.com/_/httpd which is providing page that runs cgi scripts that runs over ssh mikrotik scripts.
 
GiovanniG
Member
Member
Topic Author
Posts: 338
Joined: Sun Nov 15, 2015 4:12 pm

Re: Run a script with external device (but without another platform)

Tue Mar 28, 2023 12:23 pm

Hi mates, thank you for your kind anwers, I would evaluate all fo them:

1) Container: it's really interesting topic, if I get it right router OS is inux and I can open there a container to run something, I'm using now a mipsbe RB750r2 with 20MB free RAM and 3636 KiB of disk, the router is not optimized so maybe I can free more, but is it enough for a container? My goal is a static http page with a button that execute the first script, there is anything ready? If I thin about the tiny web server hosted by arduino, it maybe possibile to have a web server also here, talking about requested resouces.

2) Launch SSH command by an app: this is the quickest and less trouble option, on android I found SSH scrip, I'll test it

3) Running script by SMS: very interesting, but I don't have LTE

4) Press physical button on router: really interesting, but I've only the reset which needs a very thin tool, not handy.

SSH over Cgi request: cool, but it needs an external server (ok, it's available), an active internet connection, a public IP, expose port 22 to interent, Interesting but not the best way.
 
GiovanniG
Member
Member
Topic Author
Posts: 338
Joined: Sun Nov 15, 2015 4:12 pm

Re: Run a script with external device (but without another platform)

Tue Mar 28, 2023 12:24 pm


If it suffices to double-click the icon and wait for it to do its work, with no need any explicit feedback on the command's success or failure, your OS GUI of choice should have a way to launch any SSH command you like.
Yes I need to send a command without wait for feedback, but I don't understand what you exactly suggestiong for sending command, I have android, I need an app for that. Or maybe you have a suggestion? )
 
optio
Long time Member
Long time Member
Posts: 655
Joined: Mon Dec 26, 2022 2:57 pm

Re: Run a script with external device (but without another platform)

Tue Mar 28, 2023 2:06 pm

Yes I need to send a command without wait for feedback, but I don't understand what you exactly suggestiong for sending command, I have android, I need an app for that. Or maybe you have a suggestion? )
You can use some ssh client app on android, like https://play.google.com/store/apps/deta ... i.juicessh. As I see that this particular app has command snippets, so you can upon connection and shell prompt load snippet and execute without manual typing. Maybe you can find some other apps which can just run remote ssh commands without need to open shell over ssh.
Also you have Termux app for android https://play.google.com/store/apps/deta ... com.termux in which you have linux terminal subsystem inside app, you can install packages, create scripts, shell aliases... Termux has widget https://github.com/termux/termux-widget in which you can create shortcut for script, that script will need then to run over ssh script on MT device, in this case you will have one tap/click action.
 
tangent
Forum Guru
Forum Guru
Posts: 1329
Joined: Thu Jul 01, 2021 3:15 pm
Contact:

Re: Run a script with external device (but without another platform)

Tue Mar 28, 2023 2:22 pm

Container…I'm using now a mipsbe RB750r2

RouterOS's container feature doesn't run on MIPS devices today and likely never will.

SSH over Cgi request: cool, but it needs an external server (ok, it's available), an active internet connection, a public IP, expose port 22 to interent, Interesting but not the best way.

There's nothing about web apps that requires them to be hosted on a public server for use "inside the LAN," as you qualified your initial question. In fact, going out to a public server and then back in merely to provide a one-button reboot service implies so many security risks I don't even want to try listing them all here.

So fine, containers won't run on your MIPS based router, but they will run on every other x86 and ARM-based host on the LAN. There's also virtual machine tech, if you don't mind the bloat of installing a whole other OS atop another.

Surely you have something else on the LAN besides the router that's up all the time and has enough free resources to run a container or a VM in the background. A PC that stays up all the time? The Mac Mini in the closet that serves the iTunes library? The NAS?

I have android, I need an app for that. Or maybe you have a suggestion?

I haven't been a daily Android user in many years now, but a quick search of the Play Store turns up a whole pile of SSH clients.

That having been said, what's wrong with using one of the available MikroTik apps for this? I got the official "MikroTik Home" app running on my ChromeBook, and it'll reboot the router with a few clicks: More → System Settings → Restart → Yes. It isn't a single big red button, but it is pretty easy.
 
GiovanniG
Member
Member
Topic Author
Posts: 338
Joined: Sun Nov 15, 2015 4:12 pm

Re: Run a script with external device (but without another platform)

Tue Mar 28, 2023 2:31 pm

Thnak you for your kind asnwer, this router is in use by some persons, i't too complicated to teach them how to run Winbox on their phones, access the right menu and run the script, without chances they can mess for mistake other parameters. For them I prefer a button. Unfortunately no other external devices run 24/7
The way I have seams run SSH script, I'll look for a simple program for it. I would be lovely to have something like that with SNMP too, there is but is not working good, maybe they can correct it soon.
I'll report here my solutions, if somebody may need that too
 
tangent
Forum Guru
Forum Guru
Posts: 1329
Joined: Thu Jul 01, 2021 3:15 pm
Contact:

Re: Run a script with external device (but without another platform)

Tue Mar 28, 2023 2:44 pm

Generic Android SSH clients will expose you to the same risk of misconfiguration.

If you need an Android app that does nothing but reboot a remote router, offering zero other functionality, I fear you're going to have to write it yourself.
 
optio
Long time Member
Long time Member
Posts: 655
Joined: Mon Dec 26, 2022 2:57 pm

Re: Run a script with external device (but without another platform)

Tue Mar 28, 2023 2:58 pm

Thnak you for your kind asnwer, this router is in use by some persons, i't too complicated to teach them how to run Winbox on their phones, access the right menu and run the script, without chances they can mess for mistake other parameters.
If this script execution will be performed by someone untrusted/uneducated, create also separate user with read group which will login over ssh and assign script owner to that user.
 
tangent
Forum Guru
Forum Guru
Posts: 1329
Joined: Thu Jul 01, 2021 3:15 pm
Contact:

Re: Run a script with external device (but without another platform)

Tue Mar 28, 2023 3:20 pm

create also separate user with read group

Better, create a new group with only the "reboot" policy enabled.

assign script owner to that user.

There shouldn't be any need for custom RSC scripting on the RouterOS side. SSH lets you send the "/system/reboot" command string directly over the protocol.
 
optio
Long time Member
Long time Member
Posts: 655
Joined: Mon Dec 26, 2022 2:57 pm

Re: Run a script with external device (but without another platform)

Tue Mar 28, 2023 3:25 pm

There shouldn't be any need for custom RSC scripting on the RouterOS side. SSH lets you send the "/system/reboot" command string directly over the protocol.
Yes, if reboot is actual requirement of that remote execution, it is not explicitly stated by Giovanni.
 
tangent
Forum Guru
Forum Guru
Posts: 1329
Joined: Thu Jul 01, 2021 3:15 pm
Contact:

Re: Run a script with external device (but without another platform)

Tue Mar 28, 2023 3:54 pm

While you're right that the OP asked for remote DHCP renew, not reboot, rebooting the router would probably do what the OP actually wants. The nice thing about that method is that there's a dedicated user policy for that.

It's always dangerous to assume that the client knows what they want and can put it into coherent terms, and then that this actually expresses the desired end goal. We didn't get the "Android" requirement in this thread until post #6!

But okay, if we're going to provide what the OP said he wanted, I did some testing, and indeed, the user does need "write" to execute "/ip/dhcp-client/renew [find]" via SSH. None of the other available group policies suffice.

However, your suggestion to assign ownership to the restricted user doesn't seem to help. If that user is in a group with only "read + ssh" policy, it can't run this script, even if you enable "write" for the script itself. The user's permissions seem to dominate here. I had to check the "Don't Require Permissions" box to allow this "bob" user to run it:

script.png
You do not have the required permissions to view the files attached to this post.
 
optio
Long time Member
Long time Member
Posts: 655
Joined: Mon Dec 26, 2022 2:57 pm

Re: Run a script with external device (but without another platform)

Tue Mar 28, 2023 4:34 pm

However, your suggestion to assign ownership to the restricted user doesn't seem to help. If that user is in a group with only "read + ssh" policy, it can't run this script, even if you enable "write" for the script itself. The user's permissions seem to dominate here. I had to check the "Don't Require Permissions" box to allow this "bob" user to run it:
Hmm, I did not know that user requires write permission to run script. Doesn't make sense, if admin creates script for user that has limited policies and assigns to him that script, it should mean that script is safe for such user because readonly user cannot modify that script to add additional commands which will break user policies.

Edit: I misread this (ignore above):
However, your suggestion to assign ownership to the restricted user doesn't seem to help. If that user is in a group with only "read + ssh" policy, it can't run this script, even if you enable "write" for the script itself. The user's permissions seem to dominate here. I had to check the "Don't Require Permissions" box to allow this "bob" user to run it:
This makes sense then, this means that you intentionally want as admin to override user policies with script so that such user cannot temper ROS configuration outside script execution.

Who is online

Users browsing this forum: Google [Bot] and 79 guests