mikrotik scp/sftp client to transfer file between MT
I am trying to sync firewall rules between two VRRP mikrotik and setup SSH key between them. is there any scp/sftp client available in RouterOS so i can transfer file between two mikrotik? I don't want to use ftp or third party server to transfer file between two MT.
Re: mikrotik scp/sftp client to transfer file between MT
forget ssh and use directly the ftp server service inside mikrotik:I am trying to sync firewall rules between two VRRP mikrotik and setup SSH key between them. is there any scp/sftp client available in RouterOS so i can transfer file between two mikrotik? I don't want to use ftp or third party server to transfer file between two MT.
(RouterOS 6.3x.x)
for upload one file to anonther RB (with ftp service confugured):
Code: Select all
/tool fetch mode=ftp upload=yes address=00.11.22.33 port=21 user="user" password="pax" src-path="/localfolder/localfile.rsc" dst-path="/remotefolder/remotefile.rsc" keep-result=yes;
Code: Select all
/tool fetch mode=ftp upload=no address=00.11.232.33 port=21 user="user" password="pax" src-path="/remotefolder/remotefile.rsc" dst-path="/localfolder/localfile.rsc" keep-result=yes;Re: mikrotik scp/sftp client to transfer file between MT
I mentioned there, I don't want to do ftp because it's not secure on wire. If RouterOS can run SSH server don't you think it should support scp client atleast?forget ssh and use directly the ftp server service inside mikrotik:I am trying to sync firewall rules between two VRRP mikrotik and setup SSH key between them. is there any scp/sftp client available in RouterOS so i can transfer file between two mikrotik? I don't want to use ftp or third party server to transfer file between two MT.
(RouterOS 6.3x.x)
for upload one file to anonther RB (with ftp service confugured):for download one file from anonther RB (with ftp service confugured):Code: Select all/tool fetch mode=ftp upload=yes address=00.11.22.33 port=21 user="user" password="pax" src-path="/localfolder/localfile.rsc" dst-path="/remotefolder/remotefile.rsc" keep-result=yes;Code: Select all/tool fetch mode=ftp upload=no address=00.11.232.33 port=21 user="user" password="pax" src-path="/remotefolder/remotefile.rsc" dst-path="/localfolder/localfile.rsc" keep-result=yes;
Re: mikrotik scp/sftp client to transfer file between MT
But ftp is the most fast and secure protocol you can use without waiting any implementation.
Simply firewall rules and/or change the default 21 port to any make impossible to hack on easy way or brute force the ftp...
Simply firewall rules and/or change the default 21 port to any make impossible to hack on easy way or brute force the ftp...
Re: mikrotik scp/sftp client to transfer file between MT
The point is not hacking or brute force attack... If your two devices communicate with each other a third party can read your unencrypted credentials from wire.But ftp is the most fast and secure protocol you can use without waiting any implementation.
Simply firewall rules and/or change the default 21 port to any make impossible to hack on easy way or brute force the ftp...
-
-
tippenring
Member
- Posts: 304
- Joined:
- Location: St Louis MO
- Contact:
Re: mikrotik scp/sftp client to transfer file between MT
It is true that FTP is not secure. Credentials and the data are passed in cleartext. However, if you're using VRRP, I would expect your routers and the cables between them to be relatively secure. If the routers and cables are secure, then capturing the traffic between these two devices seems quite unlikely. If the cables pass through unsecured areas or devices, then I share your concern. If your routers are insecure, you have bigger problems than FTP.The point is not hacking or brute force attack... If your two devices communicate with each other a third party can read your unencrypted credentials from wire.But ftp is the most fast and secure protocol you can use without waiting any implementation.
ost fast and secure protocol you can use without waiting any implementation.
Simply firewall rules and/or change the default 21 port to any make impossible to hack on easy way or brute force the ftp...
Re: mikrotik scp/sftp client to transfer file between MT
Currently you have only two basic options how to securely transfer files between two Mikrotiks:
- activate https management interface at both Mikrotiks in question and use file download/upload of the WebFig interface which is secured by https
- create a secure tunnel between the Mikrotiks (IPsec, SSTP) and use ftp over that tunnel
Re: mikrotik scp/sftp client to transfer file between MT
Where do you store a file in router os to make it available to download via https (webfig)?
Re: mikrotik scp/sftp client to transfer file between MT
I dont know how to implement it in mikrotik but knowing a bit of ipsec i think you can establish some ipsec rules to "encript" your ftp ports (for example tcp 21, i dont remember if password data goes trough that one) between your routers
Also you can paste your firewall rules from a third equipment like a server on both routers. Just an idea how would i do it
Also you can paste your firewall rules from a third equipment like a server on both routers. Just an idea how would i do it
Re: mikrotik scp/sftp client to transfer file between MT
Starting with version 6.45beta22 the changelog lists:
Not sure how it works, though. Looks like mode=sftp is not (yet?) valid.
Code: Select all
*) fetch - added SFTP support;
Re: mikrotik scp/sftp client to transfer file between MT
mode option is deprecated, left for compatibility with older scripts.
Use url=sftp://
Use url=sftp://
Re: mikrotik scp/sftp client to transfer file between MT
I gave it a try, but did not succeed. The server is running openssh 7.9p1, the account is locked to sftp only with openssh's internal sftp implementation.
Neither download nor upload works. Tried from a linux box, on server side everything works as expected. The directory "upload" exists and is writable.
Anybody having more success? What topics to enable for useful debug output?
Code: Select all
[admin@Mikrotik] > /system ssh user=mikrotik-upload sftp-host
Password:
This service allows sftp connections only.
Welcome back!
[admin@Mikrotik] > /tool fetch url=sftp://sftp-host/upload/test.txt user=mikrotik-upload password=xxxx
status: failed
failure: closing connection: <> 10.0.0.10:22 (16) (6)
[admin@Mikrotik] > /tool fetch upload=yes url=sftp://sftp-host/ user=mikrotik-upload password=xxxx src-path=export.rsc dst-path=upload/export.rsc
status: failed
failure: closing connection: <> 10.0.0.10:22 (17) (6)Anybody having more success? What topics to enable for useful debug output?
Re: mikrotik scp/sftp client to transfer file between MT
Hello eworm,
I had a similar problem: I couldn't upload the exported config file to my server via SFTP.
Finally, I found a syntax error.
Try this for upload:
So not use dst-path, just add destination to the URL.
I hope it will help.
Regards,
Imre
I had a similar problem: I couldn't upload the exported config file to my server via SFTP.
Finally, I found a syntax error.
Try this for upload:
Code: Select all
/tool fetch upload=yes url=sftp://sftp-host/upload/export.rsc user=mikrotik-upload password=xxxx src-path=export.rscI hope it will help.
Regards,
Imre
Re: mikrotik scp/sftp client to transfer file between MT
Finally found the cause for my issue with help of support. Looks like the sftp client in RouterOS fails if too many authentication methods are supported by the server. On my SSH server I added this block in /etc/ssh/sshd_config:
Code: Select all
Match User mikrotik-upload
AuthenticationMethods password
Re: mikrotik scp/sftp client to transfer file between MT
been dealing with this lately and it does work with pub key authentication - which is superior to password. esp that password auth is disabled by default in openssh.Code: Select allMatch User mikrotik-upload AuthenticationMethods password
you can easily add private keys to the respective account in routeros, and there it is.
Re: mikrotik scp/sftp client to transfer file between MT
Has anyone tried to upload a file (Mikrotik router to remote server) using the src-address parameter? I'm using the following command:
But it seems there's a bug or something because it returns this error (even the error says SFTP supports it):
ROS Version: 6.46.5
Code: Select all
/tool fetch upload=yes url="sftp://serverIP/path/file" user=$user password=$password src-path=$file src-address=$ip But it seems there's a bug or something because it returns this error (even the error says SFTP supports it):
Code: Select all
failure: only http[s]/sftp supports src-addressROS Version: 6.46.5
Re: mikrotik scp/sftp client to transfer file between MT
Has anyone tried to upload a file (Mikrotik router to remote server) using the src-address parameter? I'm using the following command:Code: Select all/tool fetch upload=yes url="sftp://serverIP/path/file" user=$user password=$password src-path=$file src-address=$ip
But it seems there's a bug or something because it returns this error (even the error says SFTP supports it):
Code: Select allfailure: only http[s]/sftp supports src-address
ROS Version: 6.46.5
Fixed in v6.47.4.
Re: mikrotik scp/sftp client to transfer file between MT
been dealing with this lately and it does work with pub key authentication - which is superior to password. esp that password auth is disabled by default in openssh.Code: Select allMatch User mikrotik-upload AuthenticationMethods password
you can easily add private keys to the respective account in routeros, and there it is.
Can you please share your wisdom on how to do that ? Many have tried and failed. Debug shows that ROS does not like the publickey method ...
You do not have the required permissions to view the files attached to this post.
Re: mikrotik scp/sftp client to transfer file between MT
Hello I use
and get error:
but the file was uploaded!
From Windows I was try winSCP and working OK.
Tested on 6.49.2 and 7.5 , synology DSM 7.1
Code: Select all
/tool fetch upload=yes url="sftp://192.168.120.2/backup/test.txt" src-path="test.txt" user=******** password=******** Code: Select all
status: failed
failure: connection timeout
From Windows I was try winSCP and working OK.
Tested on 6.49.2 and 7.5 , synology DSM 7.1
Who is online
Users browsing this forum: anv, GoogleOther [Bot], Partial, Pinacolada88, qatar2022, superreeen and 58 guests