shalak

Import private SSH key via CLI in RouterOS 7.7+

Sun Feb 12, 2023 6:04 pm

I'm provisioning my good old hap ac2 that runs ROS 6 with CLI scripts. Now I'm upgrading it to Chateau, and there are several commands that stopped working for Router 7.7+.

First is /interface/wireless, which I understand has been deprecated in favor of the wifiwave2 package. I guess the only option is to refactor my configuration script.

However, the following also doesn't work:
/user ssh-keys private import user=admin private-key-file=flash/id_rsa_router public-key-file=flash/id_rsa_router.pub passphrase=""
There's no public-key-file, nor passphrase parameters now with /user/ssh-key/private/import.

How can I import my keys via non-interactive CLI?
 
pjkundert

Re: Import private SSH key via CLI in RouterOS 7.7+

Mon Apr 03, 2023 7:53 pm

I'm running into the same thing; trying to create scripting to automate the deployment of private keys is now impossible.

MikroTik: Please add the "passphrase=" parameters to the /user/ssh-keys/private/import command!
 
rextended

Re: Import private SSH key via CLI in RouterOS 7.7+

Mon Apr 03, 2023 10:50 pm

Do you run the script on Terminal, on SSH, on script, on scheduler or by importing .rsc?

But regardless of the missing password (it is asked for on terminal/SSH, not on script/scheduler), the correct syntax is:
/user ssh-keys
import public-key-file=pubkey.ext user=username
private import private-key-file=prikey.ext user=username

With /system ssh-exec this can be circumvented, but SSH must already be configured and working, and loopback (127.0.0.1) must not be blocked on the firewall:
/system ssh-exec address=127.0.0.1 output-to-file=results.txt \
command="/user ssh-keys;import public-key-file=pubkey.ext user=username;private import private-key-file=prikey.ext user=username\n<PASSWORD>\n"
Just replace <PASSWORD> with the correct password.
