~ Article by Syed Jahanzaib ~
By Following this guide , You will be able to Execute Scripts on Mikrotik Router from a Remote Linux machine without requiring password.
SCENARIO# 1
Login From Linux to Mikrotik to execute commands via ssh without Password !!!
[STEP # 1]
First you need to generate public dsa key on your linux bx {which you will upload to mikrotik in later stage}.
At your Linux box, issue the following command.
This will create a DSA key pair that is compatible with Mikrotik/Linux
ssh-keygen -t dsa #for ubuntu 16, use following cmd #ssh-keygen -t rsa
It will ask you few questions, just press enter , as showed below…
root@zaib-desktop:~# ssh-keygen -t dsa #for ubuntu 16, use following cmd #ssh-keygen -t rsa Generating public/private dsa key pair. Enter file in which to save the key (/root/.ssh/id_dsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_dsa. Your public key has been saved in /root/.ssh/id_dsa.pub. The key fingerprint is: ed:da:88:da:d1:b1:f0:b5:f2:39:04:85:9d:d0:19:f1 root@zaib-desktop The key's randomart image is: +--[ DSA 1024]----+ | .=o= | | . *. | | . E | | .. | | . S.o | | + =.. | | . =.o | | . o *.. | | ..o o +. | +-----------------+ root@zaib-desktop:~#
Note: Make sure to leave the passphrase blank if you are going to be using this key in automated scripts. You do not want to be prompted for a password. zaib
[STEP # 2]
Now the key have been generated, It’s time to upload it to MIKROTIK using FTP. Make sure FTP service is enabled on mikrotik. Upload this id_dsa.pub key via ftp using below commands.
192.168.2.2 is Mikrotik IP
cd /root/.ssh/ ftp 192.168.2.2 #Connected to 192.168.2.2. #220 MikroTik FTP server (MikroTik 3.3) ready Name (192.168.2.2:root): admin #331 Password required for admin Password: #230 User admin logged in #Remote system type is UNIX. ftp> put id_dsa.pub #for ubuntu 16 #put id_rsa.rsa local: id_dsa.pub remote: id_dsa.pub 200 PORT command successful 150 Opening ASCII mode data connection for '/id_dsa.pub' 226 ASCII transfer complete 608 bytes sent in 0.00 secs (2207.2 kB/s) ftp> exit 221 Closing root@zaib-desktop:~/.ssh#
OR
[STEP # 3] – MIKROTIK SECTION
Now login to Mikrotik via Winbox, and open Terminal , you need to import the key. to import key, use the below command.
/user ssh-keys import public-key-file=id_dsa.pub
The user field above determines which user account will be logged in when you pass the key, In this example , I am using default admin id.
All Done. You’ve created a key pair and imported the public key into Mikrotik ,
Now you can start running commands from your remote machine without using the password.
Some examples are below, from your Linux box, try the following . . .
(For the first time Login, It will ask you “Are you sure you want to continue connecting (yes/no)?” Type yes to continue)
ssh admin@192.168.2.2 /system resource print The authenticity of host '192.168.2.2 (192.168.2.2)' can't be established. DSA key fingerprint is 5f:d5:ee:51:8b:1c:c3:df:4d:3c:29:d8:af:48:35:a5. Are you sure you want to continue connecting (yes/no)? yes
Again try to execute command and this time it will execute smoothly without asking any thing.
root@zaib-desktop:~# ssh admin@192.168.2.2 /system resource print uptime: 40m37s version: "3.3" free-memory: 40512kB total-memory: 62276kB cpu: "Intel(R)" cpu-count: 1 cpu-frequency: 3200MHz cpu-load: 1 free-hdd-space: 956832kB total-hdd-space: 1021408kB write-sect-since-reboot: 2373 write-sect-total: 2373
You can do so many interesting things using this method, you can link scripts with php or webmin and control your mikrotik / linux box with webmin as Frontend.
SCENARIO # 2
Login From Ubuntu 12.x to Ubuntu 12.x to execute commands via ssh without Password !!!
Assumption:
[LINUX] ADMIN PC IP = 192.168.2.1
[LINUX] REMOTE SERVER IP = 192.168.2.9
Suppose, We want to login from ADMIN PC to REMOTE SERVER without password , or we want to execute command from ADMIN PC to REMOTE SERVER.
[STEP # 1]
You have to first generate DSA public key on ADMIN PC.
You can create it by following [STEP # 1] in Scenario # 1 of this post.
example:
ssh-keygen -t dsa
If you have already generated it, then skip this Step#1
[STEP # 2]
From Admin PC , issue the following command to upload id_dsa.pub to Remote Server.
scp id_dsa.pub root@192.168.2.9:.ssh/authorized_keys
[It will ask Remote Server Password, type password and hit enter.
If you receive error like “scp: .ssh/authorized_keys: No such file or directory” then run the ssh-keygen -t dsa command on remote server first, then re-run step-2
Now try to Login to REMOTE SERVER using following command
ssh 192.168.2.9
root@zaib-desktop:~/.ssh# ssh 192.168.2.9 Linux test2-proxy 2.6.31-14-generic #48-Ubuntu SMP Fri Oct 16 14:04:26 UTC 2009 i686 To access official Ubuntu documentation, please visit: http://help.ubuntu.com/ 353 packages can be updated. 202 updates are security updates. Last login: Fri Nov 25 03:01:45 2011 from 192.168.2.1 root@test2-proxy:~#
SUCCESS ! You are now able to Login to remote server without password.
You can Execute any command on remote server from admin pc, For example, you can shutdown / restart or whatever you like . . .
root@zaib-desktop:~/.ssh# ssh 192.168.2.9 df -h Filesystem Size Used Avail Use% Mounted on /dev/sda1 3.8G 2.1G 1.5G 59% / udev 186M 224K 186M 1% /dev none 186M 164K 186M 1% /dev/shm none 186M 88K 186M 1% /var/run none 186M 0 186M 0% /var/lock none 186M 0 186M 0% /lib/init/rw root@zaib-desktop:~/.ssh#
Another easy method to copy file. [Added 29-NOV-2017]
From your Admin PC , issue this command to copy the file to remote Linux server we want to access (without pass)
ssh-copy-id -P 55511 root@192.168.9.2
-P is used if you have SSH listening on different port.
for UBUNTU 16.X
ssh-keygen -t rsa
and on mikrotik, use
/user ssh-keys import user=admin public-key-file=id_rsa.pub
SSH error corrupt Host’s key regenerating it reboot required
If you receive above error in Mikrotik LOG window , then open TERMINAL and issue following on your mikrotik box
/ip ssh regenerate-host-key
Regard’s
Syed Jahanzaib
sir is that can take password mikrotik admin if hotspot authentication using http, chap, pap?
LikeLike
Comment by c0d393n — March 8, 2013 @ 12:14 AM
please re define your query ?
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — March 10, 2013 @ 7:18 PM
can we connect to mikrotik hotspot authentication using linux command line (linux without gui)?
LikeLike
Comment by Dapid Saja — May 1, 2013 @ 8:48 PM
Not possible, but I am not sure. try posting your query at mikrotik forum.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — May 2, 2013 @ 12:53 PM
[…] https://aacable.wordpress.com/2011/11/25/howto-login-on-remote-mikrotik-linux-without-password-to-exe… […]
LikeLike
Pingback by Short References For Linux Remote Management | Syed Jahanzaib Personnel Blog to Share Knowledge ! — August 23, 2013 @ 2:48 PM
please is this a way to hack a Mikrotik router
and can you give me the way to do it with android terminal
LikeLike
Comment by tamim — May 14, 2014 @ 10:25 PM
No.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — May 16, 2014 @ 8:28 AM
how to disable password authentication?
LikeLike
Comment by anonymouse — July 11, 2014 @ 8:13 AM
salam bhai linux boot
problime initramfs or bisybox erorr ever 4-6 days efter when i instal new linux it agane ever 6-7 days why ? please help me
LikeLike
Comment by burhan — August 20, 2014 @ 4:33 PM
[…] Mikrotik with User Manager . SSH must be enabled (with public key to enable linux ssh connectivity to mikrotik without Password) Follow this guide https://aacable.wordpress.com/2011/11/25/howto-login-on-remote-mikrotik-linux-without-password-to-ex… […]
LikeLike
Pingback by Sharing Ideas … Mikrotik with Kannel/playSMS | Syed Jahanzaib Personnel Blog to Share Knowledge ! — May 12, 2015 @ 3:30 PM
[…] https://aacable.wordpress.com/2011/11/25/howto-login-on-remote-mikrotik-linux-without-password-to-ex… […]
LikeLike
Pingback by Give your hardware some freedom of Speech ;) | Syed Jahanzaib Personnel Blog to Share Knowledge ! — May 22, 2015 @ 11:53 AM
[…] https://aacable.wordpress.com/2011/11/25/howto-login-on-remote-mikrotik-linux-without-password-to-ex… […]
LikeLike
Pingback by Give your hardware some freedom of Speech :) | — September 22, 2015 @ 7:23 PM
how about login on remote linux from Mikrotik without password
LikeLike
Comment by nur hamid — February 2, 2016 @ 10:43 AM
[…] & RSA key imported so that ssh from Linux to mikrotik must work without password, explained here , Make sure its […]
LikeLike
Pingback by FREERADIUS WITH MIKROTIK – Part #16 – Loosy workaround to disconnect missing users from the NAS | Syed Jahanzaib Personal Blog to Share Knowledge ! — July 12, 2018 @ 9:03 AM
Salaam Bhai!!! Please do this for Windows too… and situation is i’m not connected using wired connection but with wifi connection of mikrotik server
LikeLike
Comment by Punnu_khan — August 22, 2018 @ 8:21 AM
[…] Please visit following link […]
LikeLike
Pingback by BASH: Exporting MYSQL DB to Remote Server | Syed Jahanzaib Personal Blog to Share Knowledge ! — July 17, 2019 @ 10:28 AM
[…] Password less Login to Remote Mikrotik & Linux Syed … […]
LikeLike
Pingback by Hack Mikrotik Login - login link — April 8, 2021 @ 1:01 AM