siekman/Mikrotik_Backup
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
A python script to make a export of your running router configuration , and push it to your git
3 commits 1 branch 0 tags 32 KiB
  • Python 100%
Find a file
Exact
Jouke Siekman f011efe1cd quick push
2026-03-10 12:01:54 +01:00
MikrotikBackup.py quick push 2026-03-10 11:57:51 +01:00
README.md quick push 2026-03-10 12:01:54 +01:00

README.md

MikroTik Automatic Backup Script

A lightweight Python script that automatically exports your MikroTik router configuration, downloads it via SCP, and commits it to a Git repository for version-controlled backup history.

How it works

The script runs through 5 sequential steps:

  1. Get hostname — connects to the router via SSH and retrieves the system identity (/system identity print)
  2. Export config — triggers a full RouterOS export on the router (/export file=<hostname>)
  3. Download — pulls the .rsc file from the router to a local directory via SCP
  4. Cleanup — removes the export file from the router's filesystem
  5. Commit & push — copies the file into the Git repo, commits it, and pushes to remote

Every run produces exactly one commit per router, keeping the history clean and diff-friendly.

Requirements

Dependency Purpose
Python 3 Script runtime
sshpass Non-interactive SSH/SCP password authentication
git Version control

Install sshpass on Debian/Ubuntu:

apt install sshpass

On Arch:

pacman -S sshpass

Configuration

Edit the variables at the top of MikrotikBackup.py:

ROUTER_IP        = "192.168.88.1"                    # Router IP address
ROUTER_PORT      = "22"                               # SSH port
ROUTER_USER      = "backup-user"                      # Dedicated backup user
ROUTER_PASS      = "yourdifficultandcomplicatedpassword"
LOCAL_EXPORT_DIR = "/home/user/Script"                # Temp storage for downloaded .rsc
GIT_REPO_DIR     = "/home/user/MikrotikBackups"       # Git repo to commit into
GIT_USER_NAME    = "siekman"
GIT_USER_EMAIL   = "jouke@siekman.io"

MikroTik: setting up a dedicated backup user

It is strongly recommended to use a dedicated read-only user on the router instead of admin. Restrict it by IP for extra security:

/user add name=backup-user password=yourpassword group=read
/user set backup-user allowed-address=192.168.1.100/32

Automating with cron

Run the script daily at 02:00:

crontab -e

0 2 * * * /usr/bin/python3 /home/user/Script/MikrotikBackup.py >> /var/log/mikrotik-backup.log 2>&1

Working with backups

# View change history for a router
git log --oneline home.rsc

# Show what changed between two backups
git diff <commit-a> <commit-b> -- home.rsc

# Restore a specific version
git show <commit-hash>:home.rsc > restored.rsc

Then import on the router:

/import file=restored.rsc

Security considerations

  • Use SSH keys instead of sshpass where possible — avoids storing plaintext passwords in the script
  • Store credentials in environment variables or a secrets manager rather than hardcoded in the file
  • Restrict the backup user to the specific IP of your management server
  • The backup user only needs read permissions — never use admin for automated scripts

Repository structure

MikrotikBackups/
├── README.md
├── MikrotikBackup.py         # The backup script
├── home.rsc                  # Export: home router
├── dc.rsc                    # Export: datacenter router
└── ...