From 4ae35cff388eb042ee0bd523d6e936cd1386ee8a Mon Sep 17 00:00:00 2001
From: Matthieu Pignolet
Date: Sun, 25 May 2025 11:05:23 +0400
Subject: [PATCH] feat: add ssh key login

This commit introduces a new option that is mutually exclusive with --password. The goal of this change is to enable the use of non-password-protected ssh keys in order to access the RouterOS's cli.
---
 sara.py | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

diff --git a/sara.py b/sara.py
index 240753b..2355b41 100644
--- a/sara.py
+++ b/sara.py
@@ -44,13 +44,14 @@ def banner():
 print()
 # Establish SSH connection to the RouterOS device using Netmiko
-def connect_to_router(ip, username, password, port):
+def connect_to_router(ip, username, password, port, key_file):
 device = {
 "device_type": "mikrotik_routeros",
 "host": ip,
 "username": username,
 "password": password,
 "port": port,
+ "key_file": key_file,
 }
 try:
 print(Fore.GREEN + Style.BRIGHT + f"[*] Connecting to RouterOS at {ip}:{port}")
@@ -741,6 +742,7 @@ def main():
 parser.add_argument("--ip", help="The address of your MikroTik router")
 parser.add_argument("--username", help="SSH username (RO account can be used)")
 parser.add_argument("--password", help="SSH password")
+ parser.add_argument("--ssh-key", help="SSH key")
 parser.add_argument("--port", type=int, default=22, help="SSH port (default: 22)")
 args = parser.parse_args()
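Review bot: In connect_to_router the new `"key_file": key_file,` entry only covers private keys stored without a passphrase, which the commit message confirms is the intended scope; for a tool that logs in to routers this nudges users toward keeping an unprotected key on disk. Netmiko's connection arguments also accept `passphrase` and `allow_agent`, so a follow-up could pass `"passphrase": passphrase,` (read with getpass rather than from a command-line flag) or `"allow_agent": True,` so that an ssh-agent holds the key. It is worth confirming against the Netmiko version in use whether `"use_keys": True,` is also needed for the key file to be tried; that is not verified here. The new `key_file` parameter has no default, so `key_file=None` would keep any other caller working, and the comment above the function could state that exactly one of password or key_file is expected. The function body continues past the end of this hunk.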
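Review bot: The help string for `--ssh-key` in main()'s argument block says only "SSH key", which does not tell the user that a file path is expected or that the key must be unencrypted. Something like `parser.add_argument("--ssh-key", help="Path to an unencrypted SSH private key file (cannot be combined with --password)")` documents both constraints where the user will read them. main() starts and ends outside this hunk.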
@@ -748,18 +750,29 @@ def main():
 parser.print_help()
 sys.exit(0)
- if not args.ip or not args.username or not args.password:
+ if not args.ip:
 print(Fore.YELLOW + Style.BRIGHT + "[!] ERROR: Missing required arguments")
 print(Fore.YELLOW + "[!] Use 'sara --help' for more information")
 sys.exit(1)
+ if not args.username or (not args.password and not args.ssh_key):
+ print(Fore.YELLOW + Style.BRIGHT + "[!] ERROR: Missing required arguments")
+ print(Fore.YELLOW + "[!] Use 'sara --help' for more information")
+ sys.exit(1)
+
+ if args.password and args.ssh_key:
+ print(Fore.YELLOW + Style.BRIGHT + "[!] ERROR: Can't use both password & ssh_key authentication")
+ print(Fore.YELLOW + "[!] Use 'sara --help' for more information")
+ sys.exit(1)
+
+
 confirm_legal_usage()
 # Start timer
 start_time = time.time()
 # Connecting to the router
- connection = connect_to_router(args.ip, args.username, args.password, args.port)
+ connection = connect_to_router(args.ip, args.username, args.password, args.port, args.ssh_key)
 # Execute all implemented security checks in sequence
 check_routeros_version(connection)
@@ -803,4 +816,4 @@ def main():
 print(Fore.MAGENTA + Style.BRIGHT + "[*] " + Fore.WHITE + "Remember: " + Fore.RED + "Security" + Fore.WHITE + " is a " + Fore.GREEN + "process" + Fore.WHITE + ", not a " + Fore.YELLOW + "state.")
 if __name__ == "__main__":
- main()
\ No newline at end of file
+ main()
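Review bot: The value of `--ssh-key` is passed straight to connect_to_router without checking that it names a readable file, so a mistyped path is reported only by whatever the connection attempt raises, after confirm_legal_usage() has already run. A guard placed before `confirm_legal_usage()`, such as `if args.ssh_key and not os.path.isfile(os.path.expanduser(args.ssh_key)):` with its own error message, would fail early and clearly (this assumes `os` is imported, which the hunk does not show). The two "Missing required arguments" branches print identical text, so the user cannot tell whether the address, the username or the credential is missing; naming the option in each message would help. The manual password/key exclusion could also be expressed with argparse's `add_mutually_exclusive_group()`, at the cost of argparse's own error format instead of the coloured one. main() begins and ends outside this hunk.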