Using SSH for system backup mikrotik

As an alternative to scripts that email backups to a central location, you can use ssh from a central linux/unix box to run the commands and retrieve the backup files from your Mikrotiks. The benefits of this approach are complete encryption, and one centralized piece of backup software, as opposed to various scripts on various Mikrotiks.

Preparing the Mikrotik

The security package must be installed and activated in order to use ssh with your Mikrotiks.

Follow these wiki instructions to setup your ssh public key for easier access to your Mikrotiks.

Use SSH to execute commands (DSA key login)

I have summarized my use of this for completeness of the instructions.

jp@huehuetenango:~> ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/jp/.ssh/id_dsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/jp/.ssh/id_dsa.
Your public key has been saved in /home/jp/.ssh/
The key fingerprint is:
omitted jp@huehuetenango

jp@huehuetenango:~> cp .ssh/ huekeys

I have now created the keys and have put it in a file I can send to the Mikrotik.

jp@huehuetenango:~> ftp
Connected to
220 oakstreet FTP server (MikroTik 2.9.50) ready
Name ( admin
331 Password required for admin
230 User admin logged in
Remote system type is UNIX.
ftp> bin
200 Type set to I
ftp> put huekeys
local: huekeys remote: huekeys
500 'EPSV': command not understood
227 Entering Passive Mode (10,0,2,1,128,6).
150 Opening BINARY mode data connection for '/huekeys'
100% |*************************************|   606       6.28 MB/s    00:00 ETA
226 BINARY transfer complete
606 bytes sent in 00:00 (120.65 KB/s)
ftp> by
221 Closing
jp@huehuetenango:~> telnet
Connected to
Escape character is '^]'.

MikroTik v2.9.50
Login: admin

Terminal xterm detected, using multiline input mode
[admin@oakstreet] > user ssh-keys import file=huekeys user=admin 
[admin@oakstreet] > quit
Connection closed by foreign host.

The key is now installed.

The first time you connect with ssh, it will ask you to confirm the new connection, then future ssh accesses will be completely convenient.

Executing Commands

Now you can have a normal interactive session on the Mikrotik by the command

ssh admin@

You can also run commands from the server commandline by putting those commands after the normal ssh command. Here we ran two commands, one to export the configuration to the named file, the other to view the files on the Mikrotik.

jp@huehuetenango:~>ssh admin@ system backup save name=20080304-25oak
Configuration backup saved

Getting Files

Though not well documented, the Mikrotik supports sftp using the same ssh key system. This means you can log in for ftp without using passwords or storing passwords.

jp@huehuetenango:~> sftp admin@
Connecting to
Fetching /20080304-25oak.backup to 20080304-25oak.backup
/20080304-25oak.backup                           100%   17KB  17.5KB/s   00:00    



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s