Kaldek
Member Candidate
Topic Author
Posts: 111
Joined: Sat Jul 11, 2015 2:40 pm

SFTP upload via scripting only supports HMAC-MD5 and HMAC-SHA1

Wed Apr 26, 2023 7:17 am

I have a working SFTP upload script for my RouterOS devices which uploads backups to an SFTP server. However, I had to stuff about on my SFTP server because the /tool fetch command using SFTP only supports HMAC-MD5 and HMAC-SHA1.

I've raised a support ticket for this (in March) and just had my first reply (4 weeks later!), and the response was to "enable strong crypto" under /ip/ssh but that's for the SSH *server*, not the client.
Please can MikroTik support place this in the long queue of things that need to be fixed. Many SFTP servers won't support these legacy HMAC algorithms without forcing them to downgrade their security.

For anyone who cares, here's the backup script. 90% of this was written by ChatGPT4.
# Variables
:local sftpServer "<Server IP>"
:local sftpUser "<SFTP user>"
:local sftpPass "<SFTP user password>"

# Set subdirectory on SFTP server
:local sftpDirectory "/network"

# Define which port the SFTP server is listening on
:local sftpPort 22

# Define binary backup and RSC export file names
:local backupFileName ("config_backup_" . [/system identity get name] . "_" . [:pick [/system clock get date] 7 11] . [:pick [/system clock get date] 0 3] . [:pick [/system clock get date] 4 6])
:local exportFileName ("config_export_" . [/system identity get name] . "_" . [:pick [/system clock get date] 7 11] . [:pick [/system clock get date] 0 3] . [:pick [/system clock get date] 4 6])

# Generate binary backup
/system backup save name=$backupFileName

# Generate export
/export file=$exportFileName

# Wait for backup files to be created
:delay 10s

# SFTP URL format
:local sftpUrl ("sftp://" . $sftpServer . ":" . $sftpPort . $sftpDirectory . "/")

# Upload binary backup to SFTP server
/tool fetch url=($sftpUrl . $backupFileName . ".backup") src-path=($backupFileName . ".backup") user=$sftpUser password=$sftpPass upload=yes

# Upload export to SFTP server
/tool fetch url=($sftpUrl . $exportFileName . ".rsc") src-path=($exportFileName . ".rsc") user=$sftpUser password=$sftpPass upload=yes

# Remove local binary backup file (saved with a .backup extension)
/file remove ($backupFileName . ".backup")

# Remove local export file
/file remove ($exportFileName . ".rsc")
 
eworm
Forum Guru
Posts: 1071
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany

Re: SFTP upload via scripting only supports HMAC-MD5 and HMAC-SHA1

Wed Apr 26, 2023 9:27 am

The setting is for both I think, client and server.

My server is running the latest OpenSSH and I think I did not have to downgrade security. Will have to check for details...
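
Added example (not part of either post, and not MikroTik or OpenSSH project code): one way to check from the SFTP server side which MAC a client such as the router actually negotiates. It assumes OpenSSH sshd logging at LogLevel DEBUG1 with syslog-style `sshd[PID]:` prefixes; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: find clients that negotiated hmac-md5/hmac-sha1 in sshd logs.
# Assumes LogLevel DEBUG1 and syslog-style "sshd[PID]:" prefixes.

# Constructed sample lines (documentation addresses, not from the thread).
sample_log() {
cat <<'EOF'
Apr 26 07:10:01 sftp sshd[4101]: Connection from 192.0.2.10 port 40122 on 192.0.2.1 port 22
Apr 26 07:10:01 sftp sshd[4101]: debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha1 compression: none [preauth]
Apr 26 07:12:44 sftp sshd[4177]: Connection from 192.0.2.20 port 51870 on 192.0.2.1 port 22
Apr 26 07:12:44 sftp sshd[4177]: debug1: kex: client->server cipher: aes256-ctr MAC: hmac-sha2-256-etm@openssh.com compression: none [preauth]
Apr 26 07:15:09 sftp sshd[4203]: Connection from 192.0.2.30 port 33910 on 192.0.2.1 port 22
Apr 26 07:15:09 sftp sshd[4203]: debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
EOF
}

# Reads sshd log lines on stdin and prints "<client-ip> <mac>" for every
# session whose client->server MAC is an hmac-md5 or hmac-sha1 variant.
legacy_mac_clients() {
  awk '
    # Extract the PID from the "name[PID]:" tag to correlate lines per session.
    function pid() {
      if (!match($0, /\[[0-9]+\]:/)) return ""
      return substr($0, RSTART + 1, RLENGTH - 3)
    }
    / Connection from / {
      for (i = 1; i < NF; i++) if ($i == "from") { ip[pid()] = $(i + 1); break }
    }
    / kex: client->server / {
      mac = ""
      for (i = 1; i < NF; i++) if ($i == "MAC:") { mac = $(i + 1); break }
      if (mac ~ /^hmac-(md5|sha1)/) {
        p = pid()
        src = (p in ip) ? ip[p] : "unknown"
        print src, mac
      }
    }
  '
}

# Stand-alone run over the constructed sample.
sample_log | legacy_mac_clients
```

Feeding it the server's real sshd log shows whether the router still negotiates a legacy MAC after the `/ip/ssh` strong-crypto setting discussed above is enabled.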
