-
Notifications
You must be signed in to change notification settings - Fork 98
SSH connection
🆕 New in tik4net 4.0 — first released as
v4.0.0-alpha. Alpha: API and behaviour are stable for testing but may still change before the final 4.0 release. See Connection types & capabilities.
SSH (TikConnectionType.Ssh) connects to a MikroTik router over TCP port 22 and drives the RouterOS
CLI through an interactive SSH PTY shell. It gives you full CRUD over an encrypted, standards-based
transport — handy when the binary API port is blocked but SSH is open, or when your environment mandates SSH.
It uses the same CLI layer as the Telnet and MAC-Telnet
transports (print as-value parsing, paging prevention, VT100 handling), so all CRUD operations behave
identically.
The SSH transport ships as its own package, tik4net.ssh, because it depends on
SSH.NET (Renci.SshNet). The core tik4net package stays free
of that dependency — you only pull it in if you use SSH.
dotnet add package tik4net.ssh
Enable the SSH service on the router (enabled by default on most installs):
/ip/service set ssh disabled=no
using tik4net;
using tik4net.Ssh;
using (var conn = new SshConnection())
{
conn.Open("192.168.4.1", "admin", "");
var ifaces = conn.LoadAll<tik4net.Objects.Interface.Interface>().ToList();
Console.WriteLine($"Found {ifaces.Count} interfaces");
}The tik4net.ssh package adds CreateSshConnection / CreateSshConnectionAsync extension methods:
using tik4net;
using tik4net.Ssh;
var setup = new TikConnectionSetup("192.168.4.1", "admin", "");
using (var conn = setup.CreateSshConnection())
{
// ...
}
// async
using (var conn = await setup.CreateSshConnectionAsync())
{
// ...
}Because the SSH implementation lives in a satellite package, ConnectionFactory (in core) does not know
about it until you register it once at startup:
using tik4net;
using tik4net.Ssh;
Tik4NetSsh.Register(); // call once, e.g. at app startup
using (var conn = ConnectionFactory.OpenConnection(
TikConnectionType.Ssh, "192.168.4.1", "admin", ""))
{
// ...
}This is only needed for the TikConnectionType.Ssh factory path — new SshConnection() and
setup.CreateSshConnection() work without it.
CRUD, Listen and Safe Mode — SSH reports Crud | Listen | SafeMode, like the other CLI
transports. A terminal has no server push, so the callback-based async APIs (LoadAsync,
LoadListenAsync, ExecuteAsync) are emulated by polling a one-shot snapshot on a background worker
(see the MAC-Telnet page for the per-call-shape breakdown — the
behaviour is identical).
bool hasCrud = conn.Supports(TikConnectionCapability.Crud); // true
bool hasListen = conn.Supports(TikConnectionCapability.Listen); // true
bool hasSafeMode = conn.Supports(TikConnectionCapability.SafeMode); // trueTikConnectionCapability.Streaming (ExecuteListWithDuration) is not reported — use the API
transport for that. Interactive-only commands (notably /tool/torch) surface a guiding error
through the async error callback.
SafeModeTake() / SafeModeRelease() work in place over SSH (RouterOS Ctrl+X). For
SafeModeUnroll() there is an SSH-specific detail: the terminal discard key Ctrl+D is the
SSH end-of-file convention, so RouterOS's SSH server closes the channel on it. To roll back in place
(without dropping the connection), tik4net uses the scriptable /safe-mode/unroll command, available
on RouterOS 7.18+. On older RouterOS the unroll falls back to a disconnect-rollback (the change is
still discarded, but the connection is closed).
Username + password authentication is wired today. The connection appends the RouterOS terminal flag
+c (disable colour) to the login name for cleaner output, falling back to the plain name if the router
rejects it. Private-key authentication is not yet exposed.
- SSH drives an interactive PTY shell, not
exec/RunCommand— RouterOS does not emitprint as-valueoutput over a non-PTY exec channel. - The shell is opened in raw terminal mode so RouterOS's own line editor sees every keystroke.
- For high-rate monitoring over an IP route, the binary SSL API is faster than polling a terminal.
- MAC-Telnet-connection — Layer-2 CLI (no IP route needed)
- WinBox-CLI-connection — encrypted CLI over the WinBox channel
- Safe-Mode — take / release / unroll semantics across transports
- SSL-connection — encrypted binary API connection
- Roadmap-4x — transport roadmap