Use an SSH key with an Ubiquiti Edgerouter

January 21, 2019

Estimated time: 5m Difficulty: 4/5

By default, Ubiquiti Edgerouter devices expect users to log in via SSH with a username and password. A user named charles, for example, would log into a device at 10.0.1.1 by typing ssh charles@10.0.1.1 and then filling in the password at the prompt.

This guide will explain how you can bypass the password-prompt stage, and increase the security of your network, by adding an SSH key to your Edgerouter. As an added benefit, this process will also permit you to add the Edgerouter to your ssh config file, and log into it by simply typing, e.g. ssh edgerouter from the command line

Step 1

If you already have an SSH key installed on the client machine you want to use to connect to the Edgerouter, you can skip this step.

If you do not have a key installed on your client machine, generate one by navigating to your ~/.ssh folder, and then running (replacing [note] with your own note of course):


      ssh-keygen -t rsa -C "[note]"

NOTE There is no need to add a password to the key.

Step 2

To copy your public SSH key over to the Edgerouter, we will use cat. You will need to know:

  • The location in which your public SSH key is stored. If you installed the key using the exact process outlined in Step 1, this will be ~/.ssh/id_rsa.pub. If you saved the key elsewhere, make a note of its location.
  • The address of the Edgerouter
  • Your username and password for the Edgerouter

Supposing that your public SSH key is located at ~/.ssh/id_rsa.pub, you can display the key in your terminal window by running:


      cat ~/.ssh/id_rsa.pub

Step 3

You should see an output that looks like this:


      ssh-rsa MIIJKAIBAAKCAgEAl0Dmnc0PiZYFJ6u9VhFLYDxMoEe+7PYqt+3NmgTojSlD7uR54tWGeXwCX9qcvBT+DnB43Ve9lkGdOCKpR/XqaDOy6CblCrHAi5H9YW83Ga9bJRZtzBaEhiQngWnknbhw+1k/28OhmpfBZtz0/AYZ6hL2xSRTUK/RcIa5qFBld+Zssq5ZXDKfhg3fHFCc28/0gilPt1VMWxFmLMKckIg8YIQZuS9kjTSkmP78Jp6Knn5UBakB0WRJu8o2vkMeJQU3XY/nOV8kocTLljTCmTTRG6mEIXDRYRc7De/lteIyQL2Ye7WQZAss9+g1wsLSo8sTGr4jub9dNl+987Kf+tJ73O664Q9ChETc3aoO7I04++vmwwJCLcg/x6Ajf47YyV0NvqM8duW5+E7MnS8z3IDDPnjfKujoUlxY5NbMsLifqmAxZG8SqOan9ryAGGbVFeXRXUQRgYyXnaYxigAleK0Q/6UIC5tcHyR2l6h63VjFDODCbfAkB7V6Hlt4xMFR4JwxowsH7QYonHxFrqdTqXLJNFH4CnNQR4WuGxvaZUYppgmsngUOV6XqrK0IOSObdyIzuvnukUG4P0gA1MnxFjySiL9j1G+sDOxIIUqdW3QncD64I6Bu1XBKDhwM5+g9qaBH9/NiaalARtq44bD2pT1Xc9AQ0uHVLOLM/DrIpFkNp1kCAwEAAQKCAgBABE4XV+VNnFtOMRgPx34ZmyvrYrJiZMYr1tCAcbdjl6WTBMy5vxoNbPksTMCtskzdG6lsNWieoeLDEZiIRoMR21/LdjrWzejqqb2OcZ3mlxuClP2ftaAdjkvSMFl8j8Xx/BJVF3XckoJe4QIncQWi1qfvRLKmoeOJNtx5ap2no7U54yUbKqnt+Q0HVO8u8dNRC98bf1Sz7qdKJoxRd/fl+cNRZ8etJCzOPI3IYq3U6y7wvllwoHu8qZeF665kiNKoHPIGjEha14o7ZtU+NuaSSKsN5EwaRdTOz0xwMO6IDDbvlScp0LkVrAilCARTIu5REUzZny76hodFD8M6S7/0V0A9zLGSbWXhAs0ACMWanzVVEmRXqdVt282rRzwXmUCNozVA2HCdjoH0bbzp0v48vhUaeqgKLNqNu/zgDT6BsTXskogkQGsuGjsI47lzT+xbbZ6h/nWd7hEUc5YK9zWqKbQEsF4QwLOseYOLd9LV49i/d4x4rw1S93OmzkG5YsyTjha35hW3aRgPVpTzk4qXgblxi6xNSf9vNTtV7I/8NhoZxThRdyyZyJAzwyJKuh/Rr8AvBV+6rZlEKXg/GKjT9CZ7clHrDic2r4BIED+PUUwJ8DpfYoLfo7hPn4SsymH5CudJWsHVG+po61uKUmrrRIT9RlhX9M1AV7CAlq7HSQKCAQEA6tR6onjTF9GPBs0zGsiQUmci8Y10Rcv8wBO8pF+pQbk94ZI/mzb4cKstSUbJr+rJgaUxeeyAMMqmc+fzUBRNsBWa1PPiZLs6ZlcHyFYAwrwpXdp+xSsqcGlkKWlrj0S/7AF2hqa5+YE/sXSrLUhRgi3AohesVlNRZtOff3pBO+WrlBBmStagqoepNLZtiNzStc9M2HRb+81axl8FUd6gYtMFbuIK+Vou3vrQhLAJyGGt33umwpCxTSJTjVYpEolvsEwohC0wN7DlpAjwHnaQ0vj0aKbBqf0z7G2aKvMJma3B3bF3OqRIPuK9nt1h+rvFxZzZMRwejniOu/ZJS157PwKCAQEApOOaaeoFWx0UMSpBiwwtm9Mg7RYqjCIGQ1qU9uuBL4ppbWAfkyaPR4OqC4gvCiPTOuDHLGY55fXrVjm0JCHdDOvMLpffvCqVyEdFYoDdDDKKBssf+FxLmejVOYUAywZASEepxOycy2Btt2qQWcJ9LTxJLwBy90kwQT3scWeevmXvNSj5/0mp3/XMdepjihqlm6IvdvV1KXHEoOqhr4lGdWDlxIC9kg64RT0VdAWQyYahvA28+3cSs8lHo79EDuJGLkh/cjYH6nylJwqhj4sJdhbn7dDUgmhfVvUo71ReSRngBf+dTSbXEraWdbI2VvTRiqT8APcXjE2WaLga77avZwKCAQEA10tpB85IkrzRKYY2RWb+Ul42fkmXAWrM1nkB6Z2+uwAPiOChqjdSvVFjGpxoyv0yM8d1PfgjaxhQVVGiFJgYxch5BKZ4uKujFjLScszOs7r5Hg/1S+WQajFl4EXDlD2Oy9xng3oWZXcnIxX43nJAMF6sDrAvk5Gdvu1kfOZkKnsdvIjwj8qI0O/BpQ9gCyuRj5h4NrcvogMbJ2X0paO7Xf9kKs3ZC9WvxUUkqZIP1gQf+hYOxLENrM881QbabyFMIdEhEFWxsE1hrOt44iUIEDSpN80zHxuCYE/4GUprUdcpN4y96Ci4B9evy5fifZNr9gogYlMKfMpw6kkZ15zO1wKCAQANBIMOVZFyrgsIDqP6DE4VfUeeMB/PzGfeLWqRS+p5DF5iajJT9bleFgD4xBminU1x2oke8jsj8pRPzGJyb9H50SvfidH6EwqcMzRBIJdS/TJ0ctjlTLQTRJSA5AU6AhZVHoNCrsN6MvS2hE09KOOlDJtigJCTAU4z+GWQVnPr6DRIaCHEi9ZDfi5UKNsO7ieg7977b0l+qiKx6ZQ2PYo4fhvltZxBybO2k6n77OyPXHesVxFScQYi94MWZGVFH4wW31Zgd++MDackO+yhXoKytgA9gD0mxoKwZM6Eho6jCs3q61FJ5AUazxt100oC93ULkxbqJJfRVdbIEbDet/eFAoIBAEE+IMIFXmWTUpJ3vePpo7jYtNqD+oAlNBtbRetLOOhfSQoTLIcfviNm0QmTtsoGbPB4+YdGRs3/XWTa862QhptqHNvdRjPC/uJq2LMlBoZlhvAWTErj5Cm1pa5pm4OzC6H2KPLBdtHEuXwYkgTmWsaNH2B5PTLUAu9v48XxrJVjj9Y3docZxvcCXOQfRVM2FafmlGCpS7pjKsOz6HRYVADpGK04n6TNSFlDA8yfxPqXHOQCmX3szRIG23jLCisRfsJjiTKdoWJR2A4GQfUZXCmFsEd4+epTFYEKdO5uEOweP6dDKDkbZQLZPRP0PttX+u2a+qrWDJ7fVGIlzV/TW1U== [Note]

Omitting the ssh-rsa prefix, select the text of the key and copy it to your clipboard.

Step 4

Next, you need to tie the key you just copied to the clipboard to your Edgerouter user account. To do this, first log into the Edgerouter using your username and password. Using our previous examples, you’d type:


      ssh charles@10.0.1.1

NOTE You will be prompted for your account password once you press enter.

Step 5

Tie your key to your username. In these example commands, charles is the username, MacBook Pro is the name of the client device and the string after key is the key you’ve copied to your clipboard:


      configure
set system login user charles authentication public-keys MacBookPro type ssh-rsa
set system login user charles authentication public-keys MacBookPro key MIIJKAIBAAKCAgEAl0Dmnc0PiZYFJ6u9VhFLYDxMoEe+7PYqt+3NmgTojSlD7uR54tWGeXwCX9qcvBT+DnB43Ve9lkGdOCKpR/XqaDOy6CblCrHAi5H9YW83Ga9bJRZtzBaEhiQngWnknbhw+1k/28OhmpfBZtz0/AYZ6hL2xSRTUK/RcIa5qFBld+Zssq5ZXDKfhg3fHFCc28/0gilPt1VMWxFmLMKckIg8YIQZuS9kjTSkmP78Jp6Knn5UBakB0WRJu8o2vkMeJQU3XY/nOV8kocTLljTCmTTRG6mEIXDRYRc7De/lteIyQL2Ye7WQZAss9+g1wsLSo8sTGr4jub9dNl+987Kf+tJ73O664Q9ChETc3aoO7I04++vmwwJCLcg/x6Ajf47YyV0NvqM8duW5+E7MnS8z3IDDPnjfKujoUlxY5NbMsLifqmAxZG8SqOan9ryAGGbVFeXRXUQRgYyXnaYxigAleK0Q/6UIC5tcHyR2l6h63VjFDODCbfAkB7V6Hlt4xMFR4JwxowsH7QYonHxFrqdTqXLJNFH4CnNQR4WuGxvaZUYppgmsngUOV6XqrK0IOSObdyIzuvnukUG4P0gA1MnxFjySiL9j1G+sDOxIIUqdW3QncD64I6Bu1XBKDhwM5+g9qaBH9/NiaalARtq44bD2pT1Xc9AQ0uHVLOLM/DrIpFkNp1kCAwEAAQKCAgBABE4XV+VNnFtOMRgPx34ZmyvrYrJiZMYr1tCAcbdjl6WTBMy5vxoNbPksTMCtskzdG6lsNWieoeLDEZiIRoMR21/LdjrWzejqqb2OcZ3mlxuClP2ftaAdjkvSMFl8j8Xx/BJVF3XckoJe4QIncQWi1qfvRLKmoeOJNtx5ap2no7U54yUbKqnt+Q0HVO8u8dNRC98bf1Sz7qdKJoxRd/fl+cNRZ8etJCzOPI3IYq3U6y7wvllwoHu8qZeF665kiNKoHPIGjEha14o7ZtU+NuaSSKsN5EwaRdTOz0xwMO6IDDbvlScp0LkVrAilCARTIu5REUzZny76hodFD8M6S7/0V0A9zLGSbWXhAs0ACMWanzVVEmRXqdVt282rRzwXmUCNozVA2HCdjoH0bbzp0v48vhUaeqgKLNqNu/zgDT6BsTXskogkQGsuGjsI47lzT+xbbZ6h/nWd7hEUc5YK9zWqKbQEsF4QwLOseYOLd9LV49i/d4x4rw1S93OmzkG5YsyTjha35hW3aRgPVpTzk4qXgblxi6xNSf9vNTtV7I/8NhoZxThRdyyZyJAzwyJKuh/Rr8AvBV+6rZlEKXg/GKjT9CZ7clHrDic2r4BIED+PUUwJ8DpfYoLfo7hPn4SsymH5CudJWsHVG+po61uKUmrrRIT9RlhX9M1AV7CAlq7HSQKCAQEA6tR6onjTF9GPBs0zGsiQUmci8Y10Rcv8wBO8pF+pQbk94ZI/mzb4cKstSUbJr+rJgaUxeeyAMMqmc+fzUBRNsBWa1PPiZLs6ZlcHyFYAwrwpXdp+xSsqcGlkKWlrj0S/7AF2hqa5+YE/sXSrLUhRgi3AohesVlNRZtOff3pBO+WrlBBmStagqoepNLZtiNzStc9M2HRb+81axl8FUd6gYtMFbuIK+Vou3vrQhLAJyGGt33umwpCxTSJTjVYpEolvsEwohC0wN7DlpAjwHnaQ0vj0aKbBqf0z7G2aKvMJma3B3bF3OqRIPuK9nt1h+rvFxZzZMRwejniOu/ZJS157PwKCAQEApOOaaeoFWx0UMSpBiwwtm9Mg7RYqjCIGQ1qU9uuBL4ppbWAfkyaPR4OqC4gvCiPTOuDHLGY55fXrVjm0JCHdDOvMLpffvCqVyEdFYoDdDDKKBssf+FxLmejVOYUAywZASEepxOycy2Btt2qQWcJ9LTxJLwBy90kwQT3scWeevmXvNSj5/0mp3/XMdepjihqlm6IvdvV1KXHEoOqhr4lGdWDlxIC9kg64RT0VdAWQyYahvA28+3cSs8lHo79EDuJGLkh/cjYH6nylJwqhj4sJdhbn7dDUgmhfVvUo71ReSRngBf+dTSbXEraWdbI2VvTRiqT8APcXjE2WaLga77avZwKCAQEA10tpB85IkrzRKYY2RWb+Ul42fkmXAWrM1nkB6Z2+uwAPiOChqjdSvVFjGpxoyv0yM8d1PfgjaxhQVVGiFJgYxch5BKZ4uKujFjLScszOs7r5Hg/1S+WQajFl4EXDlD2Oy9xng3oWZXcnIxX43nJAMF6sDrAvk5Gdvu1kfOZkKnsdvIjwj8qI0O/BpQ9gCyuRj5h4NrcvogMbJ2X0paO7Xf9kKs3ZC9WvxUUkqZIP1gQf+hYOxLENrM881QbabyFMIdEhEFWxsE1hrOt44iUIEDSpN80zHxuCYE/4GUprUdcpN4y96Ci4B9evy5fifZNr9gogYlMKfMpw6kkZ15zO1wKCAQANBIMOVZFyrgsIDqP6DE4VfUeeMB/PzGfeLWqRS+p5DF5iajJT9bleFgD4xBminU1x2oke8jsj8pRPzGJyb9H50SvfidH6EwqcMzRBIJdS/TJ0ctjlTLQTRJSA5AU6AhZVHoNCrsN6MvS2hE09KOOlDJtigJCTAU4z+GWQVnPr6DRIaCHEi9ZDfi5UKNsO7ieg7977b0l+qiKx6ZQ2PYo4fhvltZxBybO2k6n77OyPXHesVxFScQYi94MWZGVFH4wW31Zgd++MDackO+yhXoKytgA9gD0mxoKwZM6Eho6jCs3q61FJ5AUazxt100oC93ULkxbqJJfRVdbIEbDet/eFAoIBAEE+IMIFXmWTUpJ3vePpo7jYtNqD+oAlNBtbRetLOOhfSQoTLIcfviNm0QmTtsoGbPB4+YdGRs3/XWTa862QhptqHNvdRjPC/uJq2LMlBoZlhvAWTErj5Cm1pa5pm4OzC6H2KPLBdtHEuXwYkgTmWsaNH2B5PTLUAu9v48XxrJVjj9Y3docZxvcCXOQfRVM2FafmlGCpS7pjKsOz6HRYVADpGK04n6TNSFlDA8yfxPqXHOQCmX3szRIG23jLCisRfsJjiTKdoWJR2A4GQfUZXCmFsEd4+epTFYEKdO5uEOweP6dDKDkbZQLZPRP0PttX+u2a+qrWDJ7fVGIlzV/TW1U==[Note]

Step 6

Finally, we need to commit and save your changes, and then exit the session. To do this, run:


      commit 
save 
exit

Step 7

You will now be able to log in without using your password. To do this, you can type ssh followed by your username and the address of the Edgerouter. In our example, this would be:


      ssh charles@10.0.1.1

We strongly recommend saving your configuration in your SSH config file so that you can use easy-to-remember shortcuts. A full guide explaining how to do that can be found here.

Step 8

Once you’ve verified that you can log in using your key, we recommend switching off password access completely. You can do that by logging into the Edgerouter and running:


      configure
set service ssh disable-password-authentication
commit
save
exit

WARNING If you disable password access without checking that you have access to the Edgerouter via your key, you may permanently lock yourself out.

Step 9

If you’ll only be connecting to your Edgerouter with one machine, you can ignore this final step. If, however, you have multiple machines, each with their own keys, and want to be able to access your Edgerouter from each one, you’ll need to load the other keys, too. You can do that by following the guide above and substituting the key string and the name of the machine to which it belongs.

Versions

macOS: 10.14.3
EdgeOS: 1.10.7
Notice an error?

Have we got something wrong? Please let us know and we’ll fix it right away.

Categories
EdgeOS Ubiquiti

3 responses to “Use an SSH key with an Ubiquiti Edgerouter

  1. This is exactly what I am looking for, but being a noob I don’t understand what “[note]” is for in step 1. Can you explain?

    Thanks in advance!!

    1. Sure. When you generate an SSH key on macOS or Linux, it will ask you if you want to set a password on the key. You can just leave that blank.

  2. I just configured this and it worked, thanks very much! I used ssh-ed25519 key type instead of rsa. firmware in my router is: EdgeRouter 4 v2.0.9-hotfix.2

Join the Discussion

Your email address will not be published. Required fields are marked *