
using public/private keys for sftp

Posted: Thu Oct 10, 2024 10:54 pm
by teleport
I have a working sftp command to upload a file to a remote OpenWrt dumb AP.
Is it possible to use public/private (SSH) keys for the command below instead of username/password? If yes, please provide an example (I am already aware of the standard steps for SSH key generation and adding the private key using /user). Does the command below work with just the user attribute provided if SSH keys are set up?

/tool fetch upload=yes url="sftp://10.10.10.24/tmp/dhcp.leases" user="root" password="test" src-path="dhcpleases.txt"

Re: using public/private keys for sftp  [SOLVED]

Posted: Fri Oct 11, 2024 6:05 am
by teleport
Just checked myself. It works with key authentication too. Marking as solved.

Re: using public/private keys for sftp

Posted: Thu Oct 17, 2024 3:28 pm
by fsardi
Hi, I am glad you could solve it. How? I am trying SFTP with keys between two MikroTiks with no luck. I can do it with user password. And I can SSH with keys to the Tiks.

#create keys in Linux
ssh-keygen -t ed25519 -f id_ed25519 -N ""
mv id_ed25519 id_ed25519.pem


SERVER
scp -P 22222 id_ed25519.pub [sshuser]@[server_ip]:/
ssh -p 22222 [sshuser]@[server_ip] "\
/user ssh-keys import public-key-file=id_ed25519.pub user=[sshkeyuser]\
"
Clients
scp -P 22222 id_ed25519.pem [sshuser]@[client_ip]:/

/tool fetch url="sftp://[server_ip]/junk.backup" user=[sshkeyuser] upload=yes keep-result=no src-path=junk.backup key-file=/id_ed25519.pem

Doesn't work because the key-file= doesn't work with fetch? How do I use the private key in the client?

Regards,

Pipe .

Re: using public/private keys for sftp

Posted: Mon Oct 28, 2024 6:08 pm
by teleport
Here is how I invoke SFTP with key-based authentication:

/tool fetch upload=yes url="sftp://$currentAP/tmp/dhcp.leases" user="root" src-path="sd1-part1/dhcp.leases"

When you specify the user attribute (root in my example), it picks up the private key for that user from what you imported under /system/users/ssh private keys (make sure the keyowner is the same as the user attribute in the fetch command).

Also, you may run into an issue importing a private key file into MikroTik when it was generated on Linux (ssh-keygen). You may have to convert it to the right format. I use sshpk-conv to convert ssh-keygen generated keys to the OpenSSL format that MikroTik needs.
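
Added example, not part of the thread and not MikroTik's own tooling: a pre-import check for the format problem described in the last post. Renaming a key to .pem, as in the earlier post, leaves the contents untouched, so the script reads the PEM armor line instead of trusting the extension; the function names are hypothetical, and the premise that an OpenSSH-native key must be converted before import is taken from the post above.

```shell
#!/bin/sh
# Added example. Classify a private key by its PEM armor line before copying it
# to a router. Assumption (from the post above): an OpenSSH-native key has to
# be converted to an OpenSSL-style PEM before RouterOS will import it.

# key_format FILE -> openssh | pkcs8 | pkcs8-encrypted | pkcs1-rsa | sec1-ec |
#                    legacy-encrypted | unknown
key_format() {
    first=$(sed -n '1p' "$1" | tr -d '\r')
    second=$(sed -n '2p' "$1" | tr -d '\r')
    # Traditional OpenSSL PEM marks passphrase protection on the second line.
    if [ "$second" = "Proc-Type: 4,ENCRYPTED" ]; then
        echo legacy-encrypted
        return 0
    fi
    case "$first" in
        "-----BEGIN OPENSSH PRIVATE KEY-----")   echo openssh ;;
        "-----BEGIN PRIVATE KEY-----")           echo pkcs8 ;;
        "-----BEGIN ENCRYPTED PRIVATE KEY-----") echo pkcs8-encrypted ;;
        "-----BEGIN RSA PRIVATE KEY-----")       echo pkcs1-rsa ;;
        "-----BEGIN EC PRIVATE KEY-----")        echo sec1-ec ;;
        *)                                       echo unknown ;;
    esac
}

# Exit 0 when the file is still OpenSSH-native, whatever its extension says.
needs_conversion() {
    [ "$(key_format "$1")" = "openssh" ]
}

# Exit 0 when group and others have no permission bits on the file.
perms_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print a short report for one key file.
check_key() {
    echo "$1: format=$(key_format "$1")"
    if needs_conversion "$1"; then
        echo "  still OpenSSH-native: convert before importing"
    fi
    if ! perms_private "$1"; then
        echo "  readable beyond the owner: chmod 600 recommended"
    fi
    return 0
}

# Usage: sh check_key.sh id_ed25519.pem [more files...]
for f in "$@"; do check_key "$f"; done
```

A key written by ssh-keygen -t ed25519 with default options reports format=openssh even after being renamed to id_ed25519.pem.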