MikroTik

Is it planed rsa key support in ssh? I have zillion Linux machines on which I have one rsa key, and only for Mikrotik routers I have to use dsa key, which is somehow frustrating (have to specify path to dsa key on each login). I don't use putty, just in case someone suggest me to save my sessions, I work on Linux.

Hello vladoboss.

DSA is a better choice than RSA; I would suggest using DSA where possible. On january 24 we released OpenSSH 5.7, that includes support for ECDSA (Elliptic Curve Digital Signature Algorithm). ECDSA performs better than DSA, as it uses a much shorter key while having an equivalent symmetric key length. DSA and, of course, ECDSA is the way to go.

Where do you store the DSA keys? Specifying the path each time you log into a MikroTik router should not be required. The SSH client should be able to find and use the right keys.

My bad Key is stored in /home/username/.ssh/ but it was not named by default name id_dsa so ssh client wasn't able to find it. I renamed the key and now everything is ok.

This should be revisited, as DSA is considered insecure, and is deprecated in newer ssh servers.

Can we get RSA key support?

This was added recently but I can't find the relevant change log

This was added recently but I can't find the relevant change log

It was added in RouterOS 6.31.

Hello,
There is something I'm missing. I need help here please.

I use puttygen 0.66 for creating a pair of RSA 2048 keys.
I upload public one to router with name mykey.pub
Create user test

When I try to import:
[user@router] > user ssh-keys import public-key-file=mykey.pub user=test

Always receiving this answer:
unable to load key file (incorrect passphrase?) !

What can be wrong??? It seems very simple and I cant' import!!!

Do you have strong crypto enabled?

I use puttygen 0.66 for creating a pair of RSA 2048 keys.
I upload public one to router with name mykey.pub
Create user test

When I try to import:
[user@router] > user ssh-keys import public-key-file=mykey.pub user=test

Is the key in correct format? You need an openssh public key file that looks like this:

strong crypto enabled. some tool for generating public openssh key?

strong crypto enabled. some tool for generating public openssh key?

In puttygen you have a field for the public key ("to paste in authorized_keys"). You take the entire contents of that field, paste them in a file and then put that on the router and import it.
See link: http://blog.muhammada.li/wp-content/upl ... led500.png

Hello,
There is something I'm missing. I need help here please.

I use puttygen 0.66 for creating a pair of RSA 2048 keys.
I upload public one to router with name mykey.pub
Create user test

When I try to import:
[user@router] > user ssh-keys import public-key-file=mykey.pub user=test

Always receiving this answer:
unable to load key file (incorrect passphrase?) !

What can be wrong??? It seems very simple and I cant' import!!!

did you import you "mykey.pub" for your testuser?

Yes. I tried this too and does not work. Any ideas. Thanks for your help

Exactly what puttygen commands are you running? It should be something like...
Then upload mykey.pub.

I just tried this on one of my test routers and it worked fine.
Also, what version of RouterOS are you ruinning?

It seems these steps worked for me:

1. Open PuTTy Key Generator;
2. Select SSH-2 RSA 2048 bits;
3. Click "Generate";

4. Move mouse pointer a lot inside blank area to create strong crypto;
5. Right-click "ssh-rsa AAAA...", click on "Select All", copy and paste in Notepad;
6. Save file as SSH.txt;
7. Save public key button - I've tried to use this key to associate with a user, It didn't work (this key will be not used in this scenario);
8. Save private key (SSH.ppk) - it will be used in PuTTY later, without password (I don't know if this is a good idea);
9. Open winbox, menu "Files", drag and drop SSH.txt inside the content;
10. Menu System > Users > SSH Keys

11. Click Button "Import SSH Key";
12. Associate a user with the key file SSH.txt;

13. Open PuTTY;
14. Click on Connection > Data, fill "Auto-login username" with previous user associated with the SSH.txt;
15. Click on Connection > SSH > Auth, click on "Browse" and search for the SSH.ppk private key;

16. Click on Session, select "connection type: SSH", fill "Host Name (or IP address)" and "port";
17. Give a name on Saved Sessions (maybe SSH + Key), and click on "Save";

18. Click on "Open" and voila, your terminal will be ready to use, without asking username and password;

I DO NOT guarantee any of these instructions, it's only an example that worked for me. Thanks!

Thanks,

Based on these hints I overcome this problem.
When making the keys with Puttygen and saving the public key file, it is in wrong format / having additional lines starting: ---- BEGIN SSH2 PUBLIC KEY ----

The trick is to copy the key from the window and store it to a file. Then you get two lines.
ssh-rsa
<<<key on the second line ending like: "== rsa-key-20171117">>>>

pub file like this is good for RouterOS

strong crypto enabled. some tool for generating public openssh key?

In puttygen you have a field for the public key ("to paste in authorized_keys"). You take the entire contents of that field, paste them in a file and then put that on the router and import it.
See link: http://blog.muhammada.li/wp-content/upl ... led500.png

Thank you for this comment sir. It helped me quickly get ssh keys working on MikroTik. :)