Using SSH for system backup
As an alternative to scripts that email backups to a central location, you can use ssh from a central linux/unix box to run the commands and retrieve the backup files from your Mikrotiks. The benefits of this approach are complete encryption, and one centralized piece of backup software, as opposed to various scripts on various Mikrotiks.
Preparing the Mikrotik
The security package must be installed and activated in order to use ssh with your Mikrotiks.
Follow these wiki instructions to setup your ssh public key for easier access to your Mikrotiks.
I have summarized my use of this for completeness of the instructions.
jp@huehuetenango:~> ssh-keygen -t dsa Generating public/private dsa key pair. Enter file in which to save the key (/home/jp/.ssh/id_dsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/jp/.ssh/id_dsa. Your public key has been saved in /home/jp/.ssh/id_dsa.pub. The key fingerprint is: omitted jp@huehuetenango jp@huehuetenango:~> cp .ssh/id_dsa.pub huekeys
I have now created the keys and have put it in a file I can send to the Mikrotik.
jp@huehuetenango:~> ftp 10.0.2.1 Connected to 10.0.2.1. 220 oakstreet FTP server (MikroTik 2.9.50) ready Name (10.0.2.1:jp): admin 331 Password required for admin Password: 230 User admin logged in Remote system type is UNIX. ftp> bin 200 Type set to I ftp> put huekeys local: huekeys remote: huekeys 500 'EPSV': command not understood 227 Entering Passive Mode (10,0,2,1,128,6). 150 Opening BINARY mode data connection for '/huekeys' 100% |*************************************| 606 6.28 MB/s 00:00 ETA 226 BINARY transfer complete 606 bytes sent in 00:00 (120.65 KB/s) ftp> by 221 Closing jp@huehuetenango:~> telnet 10.0.2.1 Trying 10.0.2.1... Connected to 10.0.2.1. Escape character is '^]'. MikroTik v2.9.50 Login: admin Password: Terminal xterm detected, using multiline input mode [admin@oakstreet] > user ssh-keys import file=huekeys user=admin [admin@oakstreet] > quit Connection closed by foreign host. jp@huehuetenango:~>
The key is now installed.
The first time you connect with ssh, it will ask you to confirm the new connection, then future ssh accesses will be completely convenient.
Now you can have a normal interactive session on the Mikrotik by the command
You can also run commands from the server commandline by putting those commands after the normal ssh command. Here we ran two commands, one to export the configuration to the named file, the other to view the files on the Mikrotik.
jp@huehuetenango:~> ssh firstname.lastname@example.org export file=20080304-25oak jp@huehuetenango:~> ssh email@example.com file print # NAME TYPE SIZE CREATION-TIME 0 key file 181 aug/04/2006 09:00:21 1 sys-note.txt .txt file 133 dec/28/2007 09:11:36 2 20080304-25oak.rsc script 17915 mar/04/2008 21:26:38
Though not well documented, the Mikrotik supports sftp using the same ssh key system. This means you can log in for ftp without using passwords or storing passwords.
jp@huehuetenango:~> sftp firstname.lastname@example.org:20080304-25oak.rsc Connecting to 10.0.2.1... Fetching /20080304-25oak.rsc to 20080304-25oak.rsc /20080304-25oak.rsc 100% 17KB 17.5KB/s 00:00 jp@huehuetenango:~>
Putting it all together
You can package it in a nasty bash script if you want to automate it.
jp@huehuetenango:~> cat backup10.0.2.1 #!/bin/bash export name=25oak bfile=`date +%Y%m%d-$name` ssh email@example.com export file=$bfile sftp firstname.lastname@example.org:$bfile.rsc
Chmod u+x the script filename to make it executable.
Here is the script in action
jp@huehuetenango:~> ./backup10.0.2.1 Connecting to 10.0.2.1... Fetching /20080304-25oak.rsc to 20080304-25oak.rsc /20080304-25oak.rsc 100% 17KB 17.5KB/s 00:00 jp@huehuetenango:~>
As you can see it connected to the Mikrotik, did it's work, and retrieved the file it created.
If you had a large number of Mikrotiks, you could put the lines of my bash script in a loop where the name and IP changed by querying a database for a list of names and IP numbers.