Syed Jahanzaib Personal Blog to Share Knowledge !

November 25, 2011

Howto Login on Remote Mikrotik & Linux without PASSWORD to execute commands using DSA key


~ Article by Syed Jahanzaib ~

By Following this guide , You will be able to Execute Scripts from a Remote Linux machine to Mikrotik RouterOS [OR Linux] without requiring password.


> SCENARIO# 1

Login From Linux to Mikrotik to execute commands via ssh without Password !!!

[STEP # 1]

First you need to generate public dsa key on your linux bx {which you will upload to mikrotik in later stage}.
At your Linux box, issue the following command.

ssh-keygen -t dsa

This will create a DSA key pair that is compatible with Mikrotik/Linux

 ssh-keygen -t dsa

It will ask you few questions, just press enter , as showed below…

root@zaib-desktop:~# ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
ed:da:88:da:d1:b1:f0:b5:f2:39:04:85:9d:d0:19:f1 root@zaib-desktop
The key's randomart image is:
+--[ DSA 1024]----+
|        .=o=     |
|        . *.     |
|         .  E    |
|        ..       |
|      . S.o      |
|       + =..     |
|      . =.o      |
|     . o *..     |
|    ..o o +.     |
+-----------------+
root@zaib-desktop:~#

Note: Make sure to leave the passphrase blank if you are going to be using this key in automated scripts. You do not want to be prompted for a password. zaib

 

[STEP # 2]
Now the key have been generated, It’s time to upload it to MIKROTIK using FTP. Make sure FTP service is enabled on mikrotik. Upload this id_dsa.pub key via ftp using below commands.

root@zaib-desktop:~# cd /root/.ssh/
root@zaib-desktop:~/.ssh# ftp 192.168.2.2
Connected to 192.168.2.2.

220 MikroTik FTP server (MikroTik 3.3) ready
Name (192.168.2.2:root): admin
331 Password required for admin
Password:
230 User admin logged in
Remote system type is UNIX.

ftp> put id_dsa.pub
local: id_dsa.pub remote: id_dsa.pub
200 PORT command successful
150 Opening ASCII mode data connection for '/id_dsa.pub'
226 ASCII transfer complete
608 bytes sent in 0.00 secs (2207.2 kB/s)

ftp> exit
221 Closing
root@zaib-desktop:~/.ssh#

OR

[STEP # 3] – MIKROTIK SECTION
Now login to Mikrotik via Winbox, and open Terminal , you need to import the key. to import key, use the below command.

user ssh-keys import file=id_dsa.pub
user: admin

The user field above determines which user account will be logged in when you pass the key, In this example , I am using default admin id.

All Done. You’ve created a key pair and imported the public key into Mikrotik ,

Now you can start running commands from your remote machine without using the password.

Some examples are below, from your Linux box, try the following . . .

(For the first time Login, It will ask you “Are you sure you want to continue connecting (yes/no)?” Type yes to continue)

ssh admin@192.168.2.2  /system resource print
The authenticity of host '192.168.2.2 (192.168.2.2)' can't be established.
DSA key fingerprint is 5f:d5:ee:51:8b:1c:c3:df:4d:3c:29:d8:af:48:35:a5.
Are you sure you want to continue connecting (yes/no)? yes

Again try to execute command and this time it will execute smoothly without asking any thing.

root@zaib-desktop:~# ssh admin@192.168.2.2  /system resource print
uptime: 40m37s
version: "3.3"
free-memory: 40512kB
total-memory: 62276kB
cpu: "Intel(R)"
cpu-count: 1
cpu-frequency: 3200MHz
cpu-load: 1
free-hdd-space: 956832kB
total-hdd-space: 1021408kB
write-sect-since-reboot: 2373
write-sect-total: 2373

OR

You can do so many interesting things using this method, you can link scripts with php or webmin and control your mikrotik / linux box with webmin as Frontend.


SCNEARIO # 2

Login From Linux to Linux to execute commands via ssh without Password !!!

Assumption:
[LINUX]  ADMIN PC IP  = 192.168.2.1
[LINUX]  REMOTE SERVER IP = 192.168.2.9

Suppose, We want to login from ADMIN PC to REMOTE SERVER without password , or we want to execute command from ADMIN PC to REMOTE SERVER.

[STEP # 1]

You have to first generate DSA public key on ADMIN PC.
You can create it by following [STEP # 1]  in Scenario # 1 of this post.
If you have already generated it, then skip this Step#1

[STEP # 2]

From Admin PC , issue the following command to upload id_dsa.pub to Remote Server.

scp id_dsa.pub root@192.168.2.9:.ssh/authorized_keys

[It will ask Remote Server Password, type password and hit enter.

Now try to Login to REMOTE SERVER using following command

ssh 192.168.2.9

root@zaib-desktop:~/.ssh# ssh 192.168.2.9
Linux test2-proxy 2.6.31-14-generic #48-Ubuntu SMP Fri Oct 16 14:04:26 UTC 2009 i686

To access official Ubuntu documentation, please visit:
http://help.ubuntu.com/

353 packages can be updated.
202 updates are security updates.

Last login: Fri Nov 25 03:01:45 2011 from 192.168.2.1
root@test2-proxy:~#

SUCCESS ! You are now able to Login to remote server without password.

You can Execute any command on remote server from admin pc, For example, you can shutdown / restart or whatever you like . . .

root@zaib-desktop:~/.ssh# ssh 192.168.2.9 df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/sda1             3.8G  2.1G  1.5G  59% /
udev                  186M  224K  186M   1% /dev
none                  186M  164K  186M   1% /dev/shm
none                  186M   88K  186M   1% /var/run
none                  186M     0  186M   0% /var/lock
none                  186M     0  186M   0% /lib/init/rw
root@zaib-desktop:~/.ssh#
Advertisements

%d bloggers like this: