Merge pull request #4 from MatthieuCoder/main

feat: add support for ssh-key authentication
feat(docs): add documentation of --ssh-key and --passphrase
2025-12-05 22:19:29 +00:00 · 2025-05-25 19:33:58 +06:00 · 2025-05-25 12:03:26 +04:00 · 2025-05-25 11:23:49 +04:00 · 2025-05-25 11:17:34 +04:00
2 changed files with 48 additions and 11 deletions
--- a/README.md
+++ b/README.md
@ -176,14 +176,17 @@ caster@kali:~$ sara -h
 Sara supports the following command line options:

 ```bash
-usage: sara.py [-h] --ip IP --username USERNAME --password PASSWORD [--port PORT]
+usage: sara.py [-h] [--ip IP] [--username USERNAME] [--password PASSWORD] [--ssh-key SSH_KEY] [--passphrase PASSPHRASE] [--port PORT]

 options:
-  -h, --help           show this help message and exit
-  --ip IP              The address of your MikroTik router
-  --username USERNAME  SSH username (RO account can be used)
-  --password PASSWORD  SSH password
-  --port PORT          SSH port (default: 22)
+  -h, --help            show this help message and exit
+  --ip IP               The address of your MikroTik router
+  --username USERNAME   SSH username (RO account can be used)
+  --password PASSWORD   SSH password
+  --ssh-key SSH_KEY     SSH key
+  --passphrase PASSPHRASE
+                        SSH key passphrase
+  --port PORT           SSH port (default: 22)
 ```

 1. `--ip` - this argument specifies the IP address of the MikroTik device to which Sara is connecting;
@ -194,7 +197,15 @@ options:

 3. `--password` - password for SSH authentication;

-4. `--port` - allows you to specify a non-standard SSH port for connection. The default is **22**, but if you have changed the SSH port number, it must be specified manually.
+4. `--ssh-key` - specifies the ssh key that should be used to access the RouterOS's shell
+
+    > This is muaually exclusive with `--password`.
+
+5. `--passphrase` - specifies the passphrase used to access the ssh-key
+
+    > This only works when using the `--ssh-key` argument.
+
+6. `--port` - allows you to specify a non-standard SSH port for connection. The default is **22**, but if you have changed the SSH port number, it must be specified manually.

 # Sara's Launch

--- a/sara.py
+++ b/sara.py
@ -44,13 +44,15 @@ def banner():
    print()

 # Establish SSH connection to the RouterOS device using Netmiko
-def connect_to_router(ip, username, password, port):
+def connect_to_router(ip, username, password, port, key_file, passphrase):
    device = {
        "device_type": "mikrotik_routeros",
        "host": ip,
        "username": username,
        "password": password,
        "port": port,
+        "key_file": key_file,
+        "passphrase": passphrase,
    }
    try:
        print(Fore.GREEN + Style.BRIGHT + f"[*] Connecting to RouterOS at {ip}:{port}")
@ -741,6 +743,8 @@ def main():
    parser.add_argument("--ip", help="The address of your MikroTik router")
    parser.add_argument("--username", help="SSH username (RO account can be used)")
    parser.add_argument("--password", help="SSH password")
+    parser.add_argument("--ssh-key", help="SSH key")
+    parser.add_argument("--passphrase", help="SSH key passphrase")
    parser.add_argument("--port", type=int, default=22, help="SSH port (default: 22)")
    args = parser.parse_args()

@ -748,18 +752,40 @@ def main():
        parser.print_help()
        sys.exit(0)

-    if not args.ip or not args.username or not args.password:
+    if not args.ip:
        print(Fore.YELLOW + Style.BRIGHT + "[!] ERROR: Missing required arguments")
        print(Fore.YELLOW + "[!] Use 'sara --help' for more information")
        sys.exit(1)

+    if not args.username or (not args.password and not args.ssh_key):
+        print(Fore.YELLOW + Style.BRIGHT + "[!] ERROR: Missing required arguments")
+        print(Fore.YELLOW + "[!] Use 'sara --help' for more information")
+        sys.exit(1)
+
+    if args.password and args.ssh_key:
+        print(Fore.YELLOW + Style.BRIGHT + "[!] ERROR: Can't use both password & ssh_key authentication")
+        print(Fore.YELLOW + "[!] Use 'sara --help' for more information")
+        sys.exit(1)
+    
+    if args.passphrase and not args.ssh_key:
+        print(Fore.YELLOW + Style.BRIGHT + "[!] ERROR: The passphrase argument can't be used when not specifying a ssh_key")
+        print(Fore.YELLOW + "[!] Use 'sara --help' for more information")
+        sys.exit(1)
+    
+
    confirm_legal_usage()

    # Start timer
    start_time = time.time()

    # Connecting to the router
-    connection = connect_to_router(args.ip, args.username, args.password, args.port)
+    connection = connect_to_router(args.ip,
+        args.username,
+        args.password,
+        args.port,
+        args.ssh_key,
+        args.passphrase
+    )

    # Execute all implemented security checks in sequence
    check_routeros_version(connection)
@ -803,4 +829,4 @@ def main():
    print(Fore.MAGENTA + Style.BRIGHT + "[*] " + Fore.WHITE + "Remember: " + Fore.RED + "Security" + Fore.WHITE + " is a " + Fore.GREEN + "process" + Fore.WHITE + ", not a " + Fore.YELLOW + "state.")

 if __name__ == "__main__":
-    main()
+    main()
Author	SHA1	Message	Date
Caster	54dd6d1d4b	Merge pull request #4 from MatthieuCoder/main feat: add support for ssh-key authentication	2025-05-25 19:33:58 +06:00
Matthieu Pignolet	6451958bd3	feat(docs): add documentation of `--ssh-key` and `--passphrase`	2025-05-25 12:03:26 +04:00
Matthieu Pignolet	ee46c0736f	feat: add support for ssh keys passphrases This commit adds the support for using keyphrases to unlock the ssh key content introducted in `4ae35cff38`	2025-05-25 11:23:49 +04:00
Matthieu Pignolet	4ae35cff38	feat: add ssh key login This commit introduces a new option that is mutually exclusive with --password. The goal of this change is to enable the use of non-password-protected ssh keys in order to access the RouterOS's cli.	2025-05-25 11:17:34 +04:00