Mikrotik passwordless SSH with public key
Reading time: 18 – 30 minutesFollowing the instructions described in the official documentation:
https://wiki.mikrotik.com/wiki/Use_SSH_to_execute_commands_(public/private_key_login)
The process is as always as easy as:
# upload the id_rsa.pub file # then import the public key file for the user used for connecting via SSH user ssh-keys import public-key-file=id_rsa.pub user=admin-ssh # and it's done.
Everything was OK with my WSL Ubuntu 20.04. (I added WSL at the beginning of the versions because it runs in Windows Subsystem Linux).
But, with the newest WSL Ubuntu 22.04 I was unsuccessful.
Being precise, the SSH versions are:
# WSL Ubuntu 20.04 $ ssh -V OpenSSH_8.2p1 Ubuntu-4ubuntu0.5, OpenSSL 1.1.1f 31 Mar 2020 # WSL Ubuntu 22.04 $ ssh -V OpenSSH_8.9p1 Ubuntu-3, OpenSSL 3.0.2 15 Mar 2022
After connecting with verbose details, I found this message, that was the key for solving the problem:
debug1: Offering public key: /home/my_user/.ssh/id_rsa RSA SHA256:2******************************Y agent debug1: send_pubkey_test: no mutual signature algorithm
Then, I discovered that newest SSH versions aren’t compatible with Mikrotik SSH version. It seems that version isn’t enough newest and are incompatible with how public keys are negotiated at the beginning of the connection.
Finally, the solution was to use an extra parameter for establishing the connection:
ssh -o 'PubkeyAcceptedAlgorithms +ssh-rsa' THE_USER@THE_HOST
Of course, an alternative is using ~/.ssh/config file or the system file: /etc/ssh/ssh_config and add this parameter for everything, or specific hosts. For instance, like this:
Host JUST_A_NAME_OF_THE_CONNECTION Hostname THE_IP_ADDRESS_OR_HOSTNAME_OF_THE_TARGET_HOST user THE_USER PubkeyAcceptedAlgorithms +ssh-rsa