routeros-scripts/doc/mod/ssh-keys-import.md
2024-01-30 00:31:36 +01:00

1.9 KiB
Raw Blame History

Import ssh keys for public key authentication

⬅️ Go back to main README

Info: This module can not be used on its own but requires the base installation. See main README for details.

Description

RouterOS supports ssh login with public key authentication. The functions in this module help importing the keys.

Requirements and installation

Just install the module:

$ScriptInstallUpdate mod/ssh-keys-import;

Usage and invocation

Import single key from terminal

Call the function $SSHKeysImport with key and user as parameter to import that key:

$SSHKeysImport "ssh-rsa AAAAB3Nza...QYZk8= user" admin;

Starting with RouterOS 7.12beta1 support for keys of type ed25519 has been added:

$SSHKeysImport "ssh-ed25519 AAAAC3Nza...ZVugJT user" admin;

The third part of the key (user in this example) is inherited as key-owner in RouterOS. Also the MD5 fingerprint is recorded, this helps to audit and verify the available keys.

Info: Use ssh-keygen to show a fingerprint of an existing public key file: ssh-keygen -l -E md5 -f ~/.ssh/id_ed25519.pub

Import several keys from file

The functions $SSHKeysImportFile can read an authorized_keys-style file and import all the keys. The user given to the function can be overwritting from comments in the file. Create a file keys.pub with this content:

ssh-ed25519 AAAAC3Nza...3OcN8A user@client
ssh-rsa AAAAB3Nza...ozyts= worker@station
# user=example
ssh-rsa AAAAB3Nza...GXQVk= person@host

Then import it with:

$SSHKeysImportFile keys.pub admin;

This will import the first two keys for user admin (as given to function) and the third one for user example (as defined in comment).


⬅️ Go back to main README
⬆️ Go back to top