Recently I wanted to try out a RouterOS minimal install on an older PIII machine. That means only the "system" package from the v3.13 install CD. After install I gave it an IP, identity and some password for the "admin" user.
I noted the description of the "security" package when you are presented with chosing the packages through the ROS installation:
As it was a minimal install; this package didn't made it's way to the box.Provides support for IPSEC, SSH and secure connectivity with WinBox.
So I tried the following on the LAN:
- Connect via WinBox; "Secure Mode" disabled. It works.
- Connect via WinBox; "Secure Mode" enabled. It works, too. (Why?!)
- Connect via telnet. It works.
- Connect via SSH. Connection refused.
1) The description on the install screen is wrong; you can use WinBox' "Secure Mode" without the "security" package being present on the MT device. Please correct the description. It happens; not a big issue...
2) So you really think that when you "talk" with WinBox in Secure Mode to ROS it's encrypted? Maybe no. Maybe WinBox doesn't give a sh!t to tell you it just switched back from RC4 (or whatever cipher it uses) to Plain Text (TM).
I cannot help but when I see SSH not happening without the "security" package I have to say that I consider the 2nd answer more likely. And I don't like it.
Please, state the facts.