Blog.gowifi

Go Wireless NZ

Thursday, July 7, 2016

Using SSH Keys to access MikroTik RouterBOARDs



If SSH is your preferred method of accessing your MikroTik RouterBOARD devices, SSH keys provide a more secure way of logging in to them than a password alone.

I’ll explain a little bit about SSH keys, how to generate your own, and show you how to import them into your MikroTik device.



If you rely on password authentication alone to access your MikroTik device, the password can eventually be cracked by a brute-force attack. SSH keys are nearly impossible to crack by brute force, so using them adds another layer of security to your network.

SSH keys are a generated pair of character strings: a public key and a private key. You upload the public key onto the MikroTik RouterBOARD; then, with the private key on your client device, you can prove that you hold the key matching that public key and gain access to the device without the need for a password.

You can also protect the private key with an additional password for an extra layer of security.

Generating the keys

 

OS X and Linux:

Open up your terminal interface and run the following command:

ssh-keygen -t rsa

Once this is done, you will have two files, an id_rsa and an id_rsa.pub file, located in your .ssh folder.

You want to upload the id_rsa.pub file onto the files directory of your MikroTik RouterBOARD. There are a few ways to get this file out, but we're going to copy the public key into a file and name it id_rsa.pub so we can drag it onto the MikroTik.

To do this, we use the cat command and get the output of our key:
cat .ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDgTWJg3+JPosJW2YIpaPoDsMtdoc8/liC5kLM1dqGF0qT4Z6VFxGyF2wjPW57JHLJEMCJiKRMSKUR+K/hniDEZtlyTeC7BKpiEWSk+wpSlnjT8fpgtinT9N3g88okEK3KX1U4y+QUWIgxO0JhIREoSJ8PUAlEbIG6cHQYQ6W7y38BsFmIKMTIx8pQJ47tPUYWZuL8g3H4924wO7/YuRdgJjFbh6pBNep3saa6kytEZKp7+lYyc0jXO3C/UMWxcKRQoxNpheyDtXVu/YVv1cRdM0VxPqSuvyZapLe2BadVZOmXjDCiZI219RzDlVHxZaIXS2dXlWXr6paRBAB1JBlp/ dan@dan-vm


We want to copy everything from ssh-rsa to the end, including our username and hostname (dan@dan-vm), into a text file, and name this id_rsa.pub.


Now that we've got our key, we can move on to adding it into MikroTik. Skip past the Windows section to where we continue.

Windows:

 

In Windows, we can use PuTTYgen to generate our public and private keys.
Head to the PuTTY download page to download this software onto your computer.

Launch the program and click the Generate button. It's advised to move the mouse over the large blank area for extra entropy in your key.

Once this is done, PuTTYgen shows the generated key. Go ahead and save the public key and the private key.
 


You can just copy the public key shown at the top and paste it into a text file. Feel free to name this anything, but id_rsa.pub is good enough.
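
An added example, not from the original post: a Python check to run on the text file from either section above before uploading it. It confirms the file holds one completely copied ssh-rsa line, refuses anything containing a private key, and returns the key size, SHA256 fingerprint and comment. The function names are illustrative, and make_sample_line builds a constructed, non-usable key purely as sample input.

```python
import base64
import hashlib
import struct


def _read_field(blob, offset):
    """Read one SSH wire field: 4-byte big-endian length, then the data."""
    end = offset + 4
    if end > len(blob):
        raise ValueError("key data is truncated")
    end += struct.unpack(">I", blob[offset:end])[0]
    if end > len(blob):
        raise ValueError("key data is truncated")
    return blob[offset + 4:end], end


def check_public_key(text):
    """Validate id_rsa.pub contents; return (modulus bits, fingerprint, comment)."""
    if "PRIVATE KEY" in text:
        raise ValueError("this is a private key, do not upload it")
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if len(lines) != 1:
        raise ValueError("expected one line (was the key wrapped when pasted?)")
    parts = lines[0].split(None, 2)
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("line must start with 'ssh-rsa' followed by the key")
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError
        raise ValueError("key body is not valid base64 (partial copy?)") from exc
    key_type, pos = _read_field(blob, 0)
    _exponent, pos = _read_field(blob, pos)
    modulus, pos = _read_field(blob, pos)
    if key_type != b"ssh-rsa" or pos != len(blob):
        raise ValueError("key body does not match the ssh-rsa layout")
    bits = int.from_bytes(modulus, "big").bit_length()
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return bits, "SHA256:" + digest, parts[2].strip() if len(parts) > 2 else ""


def make_sample_line(bits=2048, comment="dan@dan-vm"):
    """Constructed sample: correct layout, but NOT a real or usable key."""
    def field(data):
        return struct.pack(">I", len(data)) + data
    n = (1 << (bits - 1)) | 1
    modulus = b"\x00" + n.to_bytes(bits // 8, "big")  # mpint keeps a leading 0
    blob = field(b"ssh-rsa") + field(b"\x01\x00\x01") + field(modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment
```

The fingerprint is computed the same way as the one printed by ssh-keygen -lf id_rsa.pub, so the two can be compared.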


Importing the public key into MikroTik RouterBOARD

 

Log in to your MikroTik RouterBOARD through Winbox and open up the Files menu. Click on the Upload button and upload your public key. (Warning: Do not upload your private key! You need to keep this safe and not share it with anyone!)

Once uploaded, go to System > Users and click on the SSH Keys tab.
At the top you'll find 'Import SSH Key', where you can select the username you'll be accessing the device with, and the SSH key from the Files menu.
Once this is done, all you need to do is connect to the router via SSH with the username you supplied when importing the SSH key.

If connecting via OS X or Linux, the SSH key will load automatically.

If you are using PuTTY on Windows, please use the following instructions to use SSH Keys:
  1. In PuTTY, under the Connection > Data category option, enter the auto-login username as the username you'll be connecting to MikroTik with.
  2. Expand the SSH sub-category and highlight the Auth sub-category and click the browse button. Browse your file system and select the Private SSH key that you've generated. 
  3. Return to the main Session Category and enter a name for this profile in the saved sessions field, e.g. 'MikroTik Routerboard'
  4. Go ahead and enter the Host Name or IP Address and connect to the MikroTik using SSH Keys!

1 comment:

  1. I found this error:
    Couldn't perform action - unable to load key file (incorrect passphrase?) ! (6)
