Feature Request: Ed25519 SSH keys
Posted: Tue Jun 07, 2016 1:20 pm
As in subject, everybody will sleep better if the support of Ed25519 keys will be available in ROS7 (or 6!)
Page 1 of 1
Re: Feature Request: Ed25519 SSH keys
Posted: Tue Oct 03, 2017 6:18 pm
agree, +1
Re: Feature Request: Ed25519 SSH keys
Posted: Thu Nov 16, 2017 10:24 pm
+1, this feature is much missed here!
Re: Feature Request: Ed25519 SSH keys
Posted: Mon Jan 28, 2019 3:06 pm
+1 add support Ed25519.
Re: Feature Request: Ed25519 SSH keys
Posted: Mon Mar 23, 2020 1:34 pm
+1 we need this!!!
Re: Feature Request: Ed25519 SSH keys
Posted: Mon Mar 23, 2020 1:58 pm
OK could you please hint what do I do wrong?
Code: Select all
[cypa@hAP.k16] > user ssh-keys import public-key-file=id_ed25519.pub
unable to load key file (wrong format?) !
[cypa@hAP.k16] > system resource print
uptime: 56m26s
version: 6.46.4 (stable)
build-time: Feb/21/2020 11:26:37
factory-software: 6.34.2
free-memory: 6.4MiB
total-memory: 32.0MiB
cpu: MIPS 24Kc V7.4
cpu-count: 1
cpu-frequency: 650MHz
cpu-load: 7%
free-hdd-space: 7.7MiB
total-hdd-space: 16.0MiB
write-sect-since-reboot: 115
write-sect-total: 30299
bad-blocks: 0%
architecture-name: smips
board-name: hAP lite
platform: MikroTik
[cypa@hAP.k16] >Re: Feature Request: Ed25519 SSH keys
Posted: Mon Mar 23, 2020 3:24 pm
Nothing wrong, ed25519 is not supported.
Re: Feature Request: Ed25519 SSH keys
Posted: Thu Sep 03, 2020 1:53 am
In 7.1beta2 wireguard protocol was added. It use ed25519 as one of algorithm. Maybe it possible to add ssh support of this algo too?Nothing wrong, ed25519 is not supported.
Re: Feature Request: Ed25519 SSH keys
Posted: Tue Dec 08, 2020 1:39 pm
+1 It would be great if RouterOS support ssh Ed25519 keys
Re: Feature Request: Ed25519 SSH keys
Posted: Tue Dec 08, 2020 9:05 pm
In 7.1beta2 wireguard protocol was added. It use ed25519 as one of algorithm. Maybe it possible to add ssh support of this algo too?
wireguard and ssh don't necessarily share encryption libraries so support for certain key types in one of these services doesn't mean support for same key type in the other service. However the trend in IT is to re-use things and hopefully wireguard and ssh will share encryption library ... not only to provide same level of support for key types but to reduce size of install as well.
Re: Feature Request: Ed25519 SSH keys
Posted: Tue Jun 22, 2021 9:55 pm
Please! I'm deploying cert based auth and this is needed.
Re: Feature Request: Ed25519 SSH keys
Posted: Fri Oct 15, 2021 3:53 pm
Hi,
I'd like to use Ed25519 SSH keys, too. I do not use any other key formats anymore.
Please add it!
I'd like to use Ed25519 SSH keys, too. I do not use any other key formats anymore.
Please add it!
Re: Feature Request: Ed25519 SSH keys
Posted: Thu Nov 25, 2021 5:51 pm
6.49.1 here and still no support for ed25519 keys. As I can no longer use sha-1 RSA keys, I would like to use the currently most secure format and not manage so many different keys just because a vendor refuses to update security to the best practices.
Can we get ed25519 support in v6 please??
Edit: I can't even get ecdsa to import, sigh.
Edit 2: workaround for now is to use rsa-sha2-256, which is still not as secure as ed25519 but it's the best that RouterOS v6 currently supports. To generate this key using openssh:
I'm still going to be maintaining this weaker key for RouterOS only, and an ed25519 key for everything else.
Can we get ed25519 support in v6 please??
Edit: I can't even get ecdsa to import, sigh.
Edit 2: workaround for now is to use rsa-sha2-256, which is still not as secure as ed25519 but it's the best that RouterOS v6 currently supports. To generate this key using openssh:
Code: Select all
$ ssh-keygen -t rsa-sha2-256Re: Feature Request: Ed25519 SSH keys
Posted: Thu Nov 25, 2021 5:54 pm
I have a support/feature ticket on that topic (SUP-61929). Answer from MikroTik:
That's better than 'No' I guess... So go and place your own issue...Thank you for your feedback. We will consider adding this feature in the future.
Re: Feature Request: Ed25519 SSH keys
Posted: Thu Nov 25, 2021 6:15 pm
Done, SUP-67007.
Re: Feature Request: Ed25519 SSH keys
Posted: Thu Nov 25, 2021 11:20 pm
did they offer a timeline?Done, SUP-67007.
Re: Feature Request: Ed25519 SSH keys
Posted: Thu Nov 25, 2021 11:49 pm
I only know the start of the first request and that was more than 5 years ago.
Re: Feature Request: Ed25519 SSH keys
Posted: Fri Nov 26, 2021 12:35 am
Timeline? Currently we do not know whether or not we will see this any time soon or at all.
So if you want this... Open your own issue to make Mikrotik aware of the interest.
So if you want this... Open your own issue to make Mikrotik aware of the interest.
Re: Feature Request: Ed25519 SSH keys
Posted: Tue Apr 12, 2022 6:00 pm
It seems we first need support for modern signature algorithms (rsa-sha2-256/512, ssh-ed25519, ecdsa-sha2-nistp256/384/521).
With the release of OpenSSH 9.0, ssh-rsa is officially deprecated and disabled by default, which seems to be the only supported algorithm in RouterOS 6+7 (next to ssh-dss, also deprecated).
Connecting to the router using a rsa key now fails, and adding an exception to allow ssh-rsa again on every machine running openssh 9.0+ is not an option.
With the release of OpenSSH 9.0, ssh-rsa is officially deprecated and disabled by default, which seems to be the only supported algorithm in RouterOS 6+7 (next to ssh-dss, also deprecated).
Connecting to the router using a rsa key now fails, and adding an exception to allow ssh-rsa again on every machine running openssh 9.0+ is not an option.
Re: Feature Request: Ed25519 SSH keys
Posted: Tue Apr 12, 2022 9:17 pm
No. They didn't commit to v6 at all, and just said "shortly" for v7. That was on 2021-12-28. No updates since.did they offer a timeline?Done, SUP-67007.
Re: Feature Request: Ed25519 SSH keys
Posted: Mon Jun 20, 2022 1:55 pm
+1, this should be a must
@strods, please could you ping internally to the security team and let us know if is in the roadmap and what is the ETA.
Thanks in advance.
@strods, please could you ping internally to the security team and let us know if is in the roadmap and what is the ETA.
Thanks in advance.
Re: Feature Request: Ed25519 SSH keys
Posted: Sat Sep 10, 2022 5:01 pm
What is the problem? 6 years passed. Is there some update about the feature?
Re: Feature Request: Ed25519 SSH keys
Posted: Wed Sep 21, 2022 4:01 pm
I switched to ed25519 and my Mikrotik devices are the only ones that don't support it yet 
Re: Feature Request: Ed25519 SSH keys
Posted: Wed Sep 21, 2022 4:05 pm
Patience, you don't have to protect the "Deutsche Bank" anyway, right?
Re: Feature Request: Ed25519 SSH keys
Posted: Thu Sep 22, 2022 1:15 am
Six years stretches the word “patience” all out of shape.
This in a world where RouterOS has dropped DSA (as it should) leaving only the semi-obsolescent RSA, a tech older than most of the board’s participants, I’d warrant.
It’s past time for this lack to be filled. The option to DIY a fix for ourselves with containers is either unavailable or unpalatable: most devices aren’t ARM, and even with those that are, a scripted bounce thru an OpenSSH container sucks.
Get it done, MikroTik!
This in a world where RouterOS has dropped DSA (as it should) leaving only the semi-obsolescent RSA, a tech older than most of the board’s participants, I’d warrant.
It’s past time for this lack to be filled. The option to DIY a fix for ourselves with containers is either unavailable or unpalatable: most devices aren’t ARM, and even with those that are, a scripted bounce thru an OpenSSH container sucks.
Get it done, MikroTik!
Re: Feature Request: Ed25519 SSH keys
Posted: Thu Sep 22, 2022 2:13 pm
When u today create a new Keypair, why not use ED25519? There more improvements, like the shorter keys, and not only MoRE SEcuRe!!!11elfPatience, you don't have to protect the "Deutsche Bank" anyway, right?
Re: Feature Request: Ed25519 SSH keys
Posted: Thu Sep 22, 2022 4:38 pm
Most of my ssh hosts won't even accept rsa keys anymore. So I have to maintain ed25519 for them, and a separate rsa key just for the RouterOS hosts. It's very annoying.
Re: Feature Request: Ed25519 SSH keys
Posted: Sun Jan 22, 2023 1:45 pm
either with update 7.7 my mikrotik doesnt support Ed25519 key 
Re: Feature Request: Ed25519 SSH keys
Posted: Sun Jan 22, 2023 9:05 pm
As of the most recent macOS update (Ventura, 13.1), by default it no longer allows RSA to be used for SSH client.
You have to explicitly allow it in SSH config:
Any updates on implementing ed25519?
You have to explicitly allow it in SSH config:
Code: Select all
Host *
PubkeyAcceptedKeyTypes=+ssh-rsa
HostKeyAlgorithms=+ssh-rsa
Re: Feature Request: Ed25519 SSH keys
Posted: Sun Jan 22, 2023 9:10 pm
6.5 years since original post. 2 years since they said "shortly" in my ticket. We need a reference for what "shortly" means in this case? Software dev cycles? Human lifespan? Galactic time scale? 
Re: Feature Request: Ed25519 SSH keys
Posted: Tue Jan 31, 2023 5:04 pm
I'm still waiting too..
Re: Feature Request: Ed25519 SSH keys
Posted: Thu Feb 02, 2023 5:10 pm
+1!
Re: Feature Request: Ed25519 SSH keys
Posted: Wed Mar 08, 2023 12:17 am
We're in 2023 and Ed25519, the most used ECDH protocol, is still not supported...
Re: Feature Request: Ed25519 SSH keys
Posted: Wed Mar 08, 2023 10:13 pm
Perhaps in 7.9beta? *holding thumbs*
Re: Feature Request: Ed25519 SSH keys
Posted: Wed Mar 08, 2023 10:46 pm
+1 this should really of been added in many years ago. This should not be too hard to implment.
Re: Feature Request: Ed25519 SSH keys
Posted: Wed Mar 08, 2023 11:22 pm
Like count on BGP routes?This should not be too hard to implment.
Re: Feature Request: Ed25519 SSH keys
Posted: Thu Mar 09, 2023 12:09 am
Reinventing the wheel properly takes time. 
And they like to do it a lot, example: viewtopic.php?p=965896#p965896
And they like to do it a lot, example: viewtopic.php?p=965896#p965896Re: Feature Request: Ed25519 SSH keys
Posted: Fri Mar 10, 2023 1:10 pm
+1. Really surprised this still isn't supported in 2023!
Re: Feature Request: Ed25519 SSH keys
Posted: Mon Mar 20, 2023 5:39 pm
Also did a feature request...I have a support/feature ticket on that topic (SUP-61929).
Re: Feature Request: Ed25519 SSH keys
Posted: Fri Mar 31, 2023 2:57 pm
What's new in 7.9beta4 (2023-Mar-23 15:01):
*) ssh - added Ed25519 host key support;
*) ssh - added Ed25519 host key support;
Re: Feature Request: Ed25519 SSH keys
Posted: Fri Mar 31, 2023 5:34 pm
That's only the host key part. It doesn't let you set up pre-shared ed25519 keys per user.
One hopes the latter piece is coming later in the 7.9 beta process.
One hopes the latter piece is coming later in the 7.9 beta process.
Re: Feature Request: Ed25519 SSH keys
Posted: Sat Apr 01, 2023 9:11 pm
+1. Please, still unsupported in 2023?
Re: Feature Request: Ed25519 SSH keys
Posted: Thu Apr 06, 2023 12:35 pm
7.9rc2 changelog:
Changes in this release:
*) ssh - added support for Ed25519 key export and import in PKCS8 format;
Changes in this release:
*) ssh - added support for Ed25519 key export and import in PKCS8 format;
Re: Feature Request: Ed25519 SSH keys
Posted: Thu Apr 06, 2023 5:37 pm
This is still just host key support, not public key authentication.
Re: Feature Request: Ed25519 SSH keys
Posted: Wed May 03, 2023 12:58 pm
Confirmed it still doesn't import on 7.9.
Code: Select all
[admin@MikroTik] > /user/ssh-keys/import public-key-file=id_ed25519.pub user=admin
unable to load key file (wrong format or bad passphrase)!
[admin@MikroTik] > /system/resource/print
uptime: 13h5m31s
version: 7.9 (stable)
build-time: May/02/2023 05:35:06
factory-software: 6.46.3
free-memory: 201.8MiB
total-memory: 256.0MiB
cpu: MIPS 1004Kc V2.15
cpu-count: 4
cpu-frequency: 880MHz
cpu-load: 4%
free-hdd-space: 4208.0KiB
total-hdd-space: 16.0MiB
write-sect-since-reboot: 2563
write-sect-total: 375345
architecture-name: mmips
board-name: hEX
platform: MikroTik
[admin@MikroTik] > Re: Feature Request: Ed25519 SSH keys
Posted: Wed May 10, 2023 2:41 pm
And now I'd like to use my ED25519-SK token for public key authentication. That's still not possible in ROS 7.9
Re: Feature Request: Ed25519 SSH keys
Posted: Mon May 29, 2023 11:22 am
how long should we wait ?
Re: Feature Request: Ed25519 SSH keys
Posted: Mon May 29, 2023 11:26 am
Until it's finished.how long should we wait ?
Re: Feature Request: Ed25519 SSH keys
Posted: Sat Jun 10, 2023 4:59 pm
I would love ed25519-sk support as well since I am using yubikeys.
Re: Feature Request: Ed25519 SSH keys
Posted: Wed Jul 19, 2023 12:04 pm
How about the progress ?
Re: Feature Request: Ed25519 SSH keys
Posted: Thu Aug 17, 2023 1:02 pm
Available now in 7.12beta1! 
Re: Feature Request: Ed25519 SSH keys
Posted: Wed Oct 18, 2023 2:19 pm
what about ED25519-SK? is this planned?
Re: Feature Request: Ed25519 SSH keys
Posted: Mon Dec 04, 2023 4:12 pm
7.12.2 steel not work (((((
Re: Feature Request: Ed25519 SSH keys
Posted: Mon Dec 04, 2023 6:11 pm
user ed25519 keys are in 7.12?Available now in 7.12beta1!
Re: Feature Request: Ed25519 SSH keys
Posted: Mon Dec 04, 2023 7:19 pm
Yes.user ed25519 keys are in 7.12?Available now in 7.12beta1!
Re: Feature Request: Ed25519 SSH keys
Posted: Mon Dec 04, 2023 10:11 pm
Thank you. I must have missed it in the changelog.Yes.
user ed25519 keys are in 7.12?
Re: Feature Request: Ed25519 SSH keys
Posted: Fri Feb 23, 2024 6:50 am
I'm so glad that I can use a reasonably sized ssh key! Thanks devs!