Setting up backups with MikroTik

catonum · February 19, 2026, 12:44pm

I’m sorry, I don’t speak English and I use a translator. Problem: I can’t set up backups from MikroTik to ZimaOS. MikroTik can work over the SFTP protocol, and even through it I have problems. I created a user in the ZimaOS terminal, tried with him, but it didn’t work out. Even through the first administrator of the user, it is also not possible to establish communication with them. Help me with some good advice, maybe someone has already done this?
Version ZimaOS+ v1.5.4

gelbuilding · February 19, 2026, 8:05pm

I believe the issue is most likely on the ZimaOS side (SSH/SFTP access, permissions, or remote path), not MikroTik itself. Let’s verify step by step.

Step 1 — Enable SSH in ZimaOS

In the web interface:

Settings > Developer Mode > Enable SSH Access

Make sure SSH is turned ON.

Step 2 — Test SSH from another computer

From a PC on the same network, run:

ssh root@ZIMA_IP

Replace ZIMA_IP with your ZimaOS IP address.

If SSH does not work here, MikroTik will not work either.

Step 3 — Test SFTP manually

From the same PC:

sftp root@ZIMA_IP

If this connects successfully, SFTP is working correctly.

Step 4 — Create a proper backup folder on ZimaOS

After logging in via SSH, run:

mkdir -p /DATA/backups
chmod 755 /DATA/backups

Then test write access:

touch /DATA/backups/testfile

If no error appears, the folder is writable.

Important: do NOT upload to:

/
 /etc
 /usr

Use:

/DATA/backups/

Step 5 — MikroTik remote path format

In MikroTik, the remote path must include the full file name, for example:

/DATA/backups/router.backup

Do not use only the directory path.

Common causes of failure

Wrong username or password
Wrong remote path
Missing filename
Port not set to 22
Permission denied on the target folder

If it still fails, please share:

The exact error message from MikroTik
The full remote path you configured
The username you are using
Whether SSH works from a PC

I believe once SSH and SFTP work from a normal computer, the MikroTik upload should work normally.

catonum · February 20, 2026, 2:44pm

You’re right, the problem is precisely with ZimaOS, its sftp is very heavily curtailed. And he’s not the only one.
What I did:

Deployed the container via Dockge:

services:
  sftp:
    image: atmoz/sftp
    ports:
      - "2222:22"
    volumes:
      - "/DATA/sftp/mikrotik:/home/catonum/upload"
    command: "catonum:PyTbDg1Hxdwj:1001:1000:upload"

Created a script in Mikrotik:

/system script add name=backup-to-zima policy=read,write,test source="\
:local host \"10.0.0.2\";\
:local port 2222;\
:local user \"catonum\";\
:local pass \"PyTbDg1Hxdwj\";\
:local rdir \"upload\";\
\
:local d [/system clock get date];\
:local t [/system clock get time];\
:local mon [:pick \$d 0 3];\
:local day [:pick \$d 4 6];\
:local year [:pick \$d 7 11];\
:local hh [:pick \$t 0 2];\
:local mi [:pick \$t 3 5];\
:local ss [:pick \$t 6 8];\
:local mm \"01\";\
:if (\$mon=\"jan\") do={:set mm \"01\"};\
:if (\$mon=\"feb\") do={:set mm \"02\"};\
:if (\$mon=\"mar\") do={:set mm \"03\"};\
:if (\$mon=\"apr\") do={:set mm \"04\"};\
:if (\$mon=\"may\") do={:set mm \"05\"};\
:if (\$mon=\"jun\") do={:set mm \"06\"};\
:if (\$mon=\"jul\") do={:set mm \"07\"};\
:if (\$mon=\"aug\") do={:set mm \"08\"};\
:if (\$mon=\"sep\") do={:set mm \"09\"};\
:if (\$mon=\"oct\") do={:set mm \"10\"};\
:if (\$mon=\"nov\") do={:set mm \"11\"};\
:if (\$mon=\"dec\") do={:set mm \"12\"};\
\
:local stamp (\$year.\"-\".\$mm.\"-\".\$day.\"_\".\$hh.\$mi.\$ss);\
:local base (\"mt-\".\$stamp);\
\
/system backup save name=\$base;\
/export file=\$base;\
\
/tool fetch upload=yes address=\$host port=\$port mode=sftp user=\$user password=\$pass src-path=(\$base.\".backup\") dst-path=(\$rdir.\"/\".\$base.\".backup\");\
/tool fetch upload=yes address=\$host port=\$port mode=sftp user=\$user password=\$pass src-path=(\$base.\".rsc\") dst-path=(\$rdir.\"/\".\$base.\".rsc\");\
\
/file remove [find name=(\$base.\".backup\")];\
/file remove [find name=(\$base.\".rsc\")];\
"

Checked for validity:

/system script print where name="backup-to-zima"

I started it in manual mode and everything worked out.

/system script run backup-to-zima
/log print where message~"fetch|sftp|backup|error"

The only question left is how to get it to work itself at a given time, because when it is added to the Scheduler, it says that it has worked, although in fact the files do not appear, and I have granted all execution rights.

gelbuilding · February 21, 2026, 12:43pm

Nice workaround using the atmoz/sftp container — that’s a clean way around ZimaOS’s restricted SFTP.

If the script works manually but not from Scheduler, it’s usually a Scheduler policy/time/logging issue in RouterOS.

1) Confirm the script exists

/system script print detail where name="backup-to-zima"

2) Create a scheduler that runs the script (daily 03:00)

/system scheduler add name=backup-to-zima-daily \
start-time=03:00:00 interval=1d \
on-event="/system script run backup-to-zima" \
policy=read,write,test,policy,password,sensitive

Important: the scheduler has its own policy=. Even if the script has rights, the scheduler can still block it.

3) Verify the scheduler entry

/system scheduler print detail where name="backup-to-zima-daily"

4) Force-run the scheduler once (test)

/system scheduler run backup-to-zima-daily

Then check logs:

/log print where message~"fetch|sftp|backup|error"

5) Verify the router clock

/system clock print
/system ntp client print

6) Confirm files on ZimaOS

ls -lah /DATA/sftp/mikrotik