+1 for support for ecdsa (and maybe also ed25519) optional support for authenticator apps would be a KILLER feature out of the box! there could also be the possibility to "export" a QR code to the CLI (which ALSO could be used for WIREGUARD peers export - like on a normal shell)
We do like this type of content. However, you guys by now know which product video I'm waiting for 😁 starts with wifi ends with 6e.. I hope these clues are good enough haha
Okay I use my windows PC to access routers via winbox. Would I use putty to generate key pairs for each MT device and if so, would I only have access to terminal view (CLI) or would I reach winbox??
I don't remember it being that straightforward the last time I deployed my new key to v6. No trailing whitespace or newlines and a sacrifice to the Mikrotik gods IIRC.
very nice!!! thanks for this helpful video. Quick question: is it possible to enforce from a workstation to use a password and ssh key pair to have a kind of dual factor authentication? I mean to access the router is required to have both: the password and the ssh key in order to access it remotely (if any of these 2 conditions are not met, then the user shouldn't be able to access it). Pls advise. Thanks!!
For SSH it is not possible, but if you are accessing your device remotely it is highly advisable, you use a VPN, which can provide the security you are looking for. OpenVPN for example requires a certificate (same public-private key principles as RSA key) and additionally a password to connect.
Hi! Question, I load the ssh key but when I want to access the router via ssh it asks me for the password, I put the password and it enters but there will be some way to access without asking for the password
Deben tener un programa q sean compatibles las ips de los router de casa con los acces point ip estatica estoy a pronto de comprarles una ap clientes. 30 dbi, y probar si deja la intermitencia q tengo no migren toda vidad a 5ghz y dejen mas pmt .. 2 ghz
Littering your private key file all over your devices is not good form and does not scale for management. How about adding agent forwarding as an option? Another nice security feature would be something akin to sudo or Cisco's enable command. Root login directly from the network is another poor security item.
Would be really cool to see the ssh-copy-id command supported to copy a key to the router!
+1 for support for ecdsa (and maybe also ed25519)
optional support for authenticator apps would be a KILLER feature out of the box!
there could also be the possibility to "export" a QR code to the CLI (which ALSO could be used for WIREGUARD peers export - like on a normal shell)
Hi, do you plan to implement ecdsa and ed25519 in RouterOS7?
That and OpenSSH FIDO devices so -sk keys
We do like this type of content. However, you guys by now know which product video I'm waiting for 😁 starts with wifi ends with 6e.. I hope these clues are good enough haha
Keep doing this great vídeos!!!
Suggestion: When U2F keys ? When 2FA in VPNs? When WinBox will use U2F/2FA and log connection to log.txt for easier reports ?
Good content !
I would liek to see videos on automation, like Ansible for example.
i am add ssh-keygen esxi to ssh key mikrotik and can,t open ssh esxi in mikrotik new terminal can you help me ?
Okay I use my windows PC to access routers via winbox. Would I use putty to generate key pairs for each MT device and if so, would I only have access to terminal view (CLI) or would I reach winbox??
I don't remember it being that straightforward the last time I deployed my new key to v6. No trailing whitespace or newlines and a sacrifice to the Mikrotik gods IIRC.
very nice!!! thanks for this helpful video. Quick question: is it possible to enforce from a workstation to use a password and ssh key pair to have a kind of dual factor authentication? I mean to access the router is required to have both: the password and the ssh key in order to access it remotely (if any of these 2 conditions are not met, then the user shouldn't be able to access it). Pls advise. Thanks!!
For SSH it is not possible, but if you are accessing your device remotely it is highly advisable, you use a VPN, which can provide the security you are looking for. OpenVPN for example requires a certificate (same public-private key principles as RSA key) and additionally a password to connect.
noice! :p
Dru best!
never tried to copy winbox to winbox 😮
R1 and R2 identities would be 😎
WB to WB copy works well on windows and wine(linux)
never got it running smoothly on macos though.
Which Linux distro are use in this video?
Hi! Question, I load the ssh key but when I want to access the router via ssh it asks me for the password, I put the password and it enters but there will be some way to access without asking for the password
Me pasa igual, no doy con el problema
Howto keygen for mikrotik v6 in debian 12 ?
Thanks, how can i login from winbox to ubuntu server by this way? Do you have a learn for this?
You are probably better off logging in directly into your server, but you can do it through your router too. Just look into SSH keys for ubuntu.
Deben tener un programa q sean compatibles las ips de los router de casa con los acces point ip estatica estoy a pronto de comprarles una ap clientes. 30 dbi, y probar si deja la intermitencia q tengo no migren toda vidad a 5ghz y dejen mas pmt .. 2 ghz
Littering your private key file all over your devices is not good form and does not scale for management. How about adding agent forwarding as an option? Another nice security feature would be something akin to sudo or Cisco's enable command. Root login directly from the network is another poor security item.
Private key is only held on one device, public key can be safely shared.
نحن نتحدث العربية نحتاج شرح عربي تكرما ملايين يستخدمون مايكروتك
تعلم انكليزي
Unfortunatly useless for me. :( My company uses more secure ed25519 which Mikrotik doesn't support .
RouterOS 7.7 -> ssh - added support for Ed25519 key exchange;
Ok, my bad... This is about ed25519 key exchange., but no way to set up as a user or host key :(