From 365f7390b42ed782737b7b9b905876e71a23e5b0 Mon Sep 17 00:00:00 2001 From: Steve Haskew Date: Tue, 24 Jul 2018 14:15:29 +0100 Subject: [PATCH] Add documentation for v6.43 login --- How-to-use.md | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/How-to-use.md b/How-to-use.md index d3fc50f..ddfdf1d 100644 --- a/How-to-use.md +++ b/How-to-use.md @@ -17,6 +17,7 @@ Optional Parameters: * username - String - Login username - Default 'admin' * password - String - Login password - Default empty string * port - Integer - TCP Port for API - Default 8728 or 8729 when using SSL +* plaintext_login - Boolean - Try plaintext login (for RouterOS 6.43 onwards) - Default **False** * use_ssl - Boolean - Use SSL or not? - Default **False** * ssl_verify - Boolean - Verify the SSL certificate? - Default **True** * ssl_verify_hostname - Boolean - Verify the SSL certificate hostname matches? - Default **True** @@ -33,15 +34,10 @@ e.g. if using a self-signed certificate, you can (but probably shouldn't) use: `connection = routeros_api.RouterOsApiPool('', username='admin', password='', use_ssl=True, ssl_verify=False, ssl_verify_hostname=False)` -### Proposed New Login Options (pending merge of PR) -RouterOS Versions >v6.43 now use a different login method. The disadvantage is that it passes the password in plain text. The best auto-detection also sends the password in plain text at the start, even if the device doesn't support it. Therefore to maintain security we only attempt the new login type when insecure_login is set. +### Login for RouterOS v6.43 onwards +RouterOS Versions v6.43 onwards now use a different login method. The disadvantage is that it passes the password in plain text. For security we only attempt the plaintext login if requested using the `plaintext_login` parameter. It is highly recommended only to use this option with SSL enabled. -The proper solution is to use SSL only for API connectivity. - -`routeros_api.RouterOsApiPool(host, username='admin', password='', port=8728, insecure_login=False)` - -New Optional Parameters -* insecure_login - Boolean - Try the new login method? - Default **False** +`routeros_api.RouterOsApiPool(host, username='admin', password='', plaintext_login=True)` ## Execute Commands `api.get_binary_resource('/').call('',{ })`