This script collects Mikrotik RouterOS Exports and Backups via SSH to your machine. It supports port knocking for enhanced security. It connects to remote Mikrotik via SSH, saves an /export compact and /backup unencrypted. To run this script, passwordless authentication using a ssh key is necessary. A dedicated read only backup user should be created on the router.
-
Create a hosts.txt file, listing all your Mikrotik Routers
10.12.13.14 my-local-router remote.example.com my-remote-router # 8.8.8.8 backup-later
-
(Optional) Define custom Environment Variables in a file named .env
PRIVKEY="~/.ssh/id_rsa" SSH_PORT="1234" KNOCK01="1234" KNOCK02="5678"
-
Run the script. The argument
--initial
is helpful at the first run. It will add the remote SSH fingerprints to ~/.ssh/known_hosts.. The argument--parallel
will do the colection jobs in parallel../mikrotik-backup-collector.sh \ --initial \ # to accept new SSH fingerprints --parallel # if you're in a hurry
-
Define a cronjob and never forget to backup again.