Hi There.
I am setting up a script to pre-configure a bunch of Mikrotiks for the company. In them i need to do a couple of things, and have 99.9% done everything, except the users
I basically need to add 2 users with Full Rights, then remove the admin user
My question is: since this is a rsc file, and of course not encrypted, Is there a way in which i can add the password using a MD5 hash?
I don't want my field technicians or nosy customers knowing the "master password" of the router, which they can find through simply opening the script in notepad..
I've searched for ages trying to find the answer, but to no avail.
Anyone have a clue?
Re: add system users via script
Hi There.
I am setting up a script to pre-configure a bunch of Mikrotiks for the company. In them i need to do a couple of things, and have 99.9% done everything, except the users
I basically need to add 2 users with Full Rights, then remove the admin user
My question is: since this is a rsc file, and of course not encrypted, Is there a way in which i can add the password using a MD5 hash?
I don't want my field technicians or nosy customers knowing the "master password" of the router, which they can find through simply opening the script in notepad..
I've searched for ages trying to find the answer, but to no avail.
Anyone have a clue?
Not sure this is exactly what you are looking for but TealFrog had written a script for MD5 a while back on this forum and perhaps it could be of use: http://forum.mikrotik.com/viewtopic.php?t=62895
I would recommend taking the easy path and follow MikroTik's wiki by just setting up each new user with a separate password and different access level: http://wiki.mikrotik.com/wiki/Securing_your_router
Re: add system users via script
not even close to what i need! 
-
-
boen_robot
Forum Guru
- Posts: 2400
- Joined:
- Location: europe://Bulgaria/Plovdiv
Re: add system users via script
You can't add the password as a hash of any sort.
You could make the "final stage" of the configuration call a remote web site with "/tool fetch". The web server would connect back via the API protocol, and set the users and passwords over that. The only way "nosy" people could find out the new user's password is if they set up a packet listener in between the MikroTik router and their internet, but they'd have to be very actively seeking for that password to even think of setting such a thing up.
If you also distribute a certificate and connect via the SSL API, then even a packet listener won't help them.
If your routers are sometimes part of NAT-ed networks, you could set up a VPN, and make the routers first join in as part of their initial configuration. That way, the web server would be able to connect regardless of their internet settings.
You could make the "final stage" of the configuration call a remote web site with "/tool fetch". The web server would connect back via the API protocol, and set the users and passwords over that. The only way "nosy" people could find out the new user's password is if they set up a packet listener in between the MikroTik router and their internet, but they'd have to be very actively seeking for that password to even think of setting such a thing up.
If you also distribute a certificate and connect via the SSL API, then even a packet listener won't help them.
If your routers are sometimes part of NAT-ed networks, you could set up a VPN, and make the routers first join in as part of their initial configuration. That way, the web server would be able to connect regardless of their internet settings.