Page 1 of 1
SSH key import on V7.3.1
Posted: Sun Jul 10, 2022 10:23 pm
by texmeshtexas
I use a rsa key generated on my remote server that I have my Mikrotik devices log into.
I import the public/private RSA key pair as described in this wiki
https://wiki.mikrotik.com/wiki/Use_SSH_ ... _key_login
in V6 the key format must be PEM but in V7 I get an error that the format is not allowed.
Is V7 not ready for this yet?
Re: SSH key import on V7.3.1
Posted: Sun Jul 10, 2022 11:47 pm
by guipoletto
7.3.1 has a known bug when importing SSH keys
try 7.4.RC2, it should be fixed
Re: SSH key import on V7.3.1
Posted: Wed Jul 13, 2022 4:50 am
by texmeshtexas
7.4RC2 not working either
Re: SSH key import on V7.3.1
Posted: Wed Aug 31, 2022 12:53 pm
by MultiTricker
I'm having same problem on both 7.4.1 and even 7.5rc2 when importing public key:
/user ssh-keys import public-key-file=id_dsa.pub user=admin
unable to load key file (wrong format or bad passphrase)!
I don't know what is wrong, it was working great so far on old ROS.
Re: SSH key import on V7.3.1
Posted: Wed Aug 31, 2022 1:46 pm
by osc86
DES and RSA1 keys are deprecated, ECDSA and ED25519 are not yet supported in ROS, your keypair needs to be RSA2.
Re: SSH key import on V7.3.1
Posted: Wed Aug 31, 2022 1:50 pm
by rextended
What's new in 7.5 (2022-Aug-30 12:25):
*) ssh - added AES support for PEM decryption;
*) ssh - fixed importing of public keys;
*) ssh - fixed minor typo issue when importing public key;
Re: SSH key import on V7.3.1
Posted: Wed Aug 31, 2022 4:06 pm
by MultiTricker
rextended - thank you for pointing that out, but 7.5rc2 didn't worked for me.
Sooo... downgraded to 6.49.6 - key imported successfully. I can log in with key.
Upgraded to 7.5 - cannot login with key. I try to import the key and got again:
unable to load key file (wrong format or bad passphrase)!
I might have deprecated keypair type, my key starts with "ssh-dss", but import is working in 7.1. That brings me to changelog and I have found in 7.3:
*) ssh - removed DSA public key authentication support;
So this is it. Damn. Not only marked as deprecated, but already removed.
Thank you for help!
Re: SSH key import on V7.3.1
Posted: Wed Aug 31, 2022 4:45 pm
by rextended
¯\_( ͡° ͜ʖ ͡°)_/¯
Re: SSH key import on V7.3.1
Posted: Sun Dec 11, 2022 2:14 pm
by kehrlein
Guys, do you have newer information about the support of ECDSA keys in ROS 7?
Re: SSH key import on V7.3.1
Posted: Sat Mar 11, 2023 8:18 pm
by RcRaCk2k
Also discovering the same issue.
This is unbelievable.
Running v7.8
Now i have changed to RSA, the import will work, but the login fails:
root@trafficgrapher:~/bin/auth# ssh -v -i /root/bin/auth/remote-access_new.rsa remote-user@172.16.15.240
OpenSSH_8.4p1 Debian-5+deb11u1, OpenSSL 1.1.1n 15 Mar 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to 172.16.15.240 [172.16.15.240] port 22.
debug1: Connection established.
debug1: identity file /root/bin/auth/remote-access_new.rsa type 0
debug1: identity file /root/bin/auth/remote-access_new.rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u1
debug1: Remote protocol version 2.0, remote software version ROSSSH
debug1: no match: ROSSSH
debug1: Authenticating to 172.16.15.240:22 as 'remote-user'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: rsa-sha2-256
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:Syg06JqvjjCag0cFLhs7kY0DrOwS9ySK/TMfAoqsVfA
debug1: Host '172.16.15.240' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:3
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 4294967296 blocks
debug1: Will attempt key: /root/bin/auth/remote-access_new.rsa RSA SHA256:uns4aVGOG3axgzyOaIIXS5WSGR8Dy7vsLRCE4qt9JRo explicit
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,ssh-rsa>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /root/bin/auth/remote-access_new.rsa RSA SHA256:uns4aVGOG3axgzyOaIIXS5WSGR8Dy7vsLRCE4qt9JRo explicit
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
remote-user@172.16.15.240's password