Difference between revisions of "Enabling SSH Logins To The UDM"

From Nearline Storage
(11 intermediate revisions by the same user not shown)
Line 6: Line 6:
  
 
# Click through "Settings" -> "Advanced" from the bottom of the main UI window
 
# Click through "Settings" -> "Advanced" from the bottom of the main UI window
# Turn on "SSH" and set a password.  SSH login for the "root" user is now possible by entering a password.
+
# Turn on "SSH" and set a password.  SSH login for the "root" user is now possible using this password.
  
The other SSH configuration that the UDM uses to provision other UniFi devices on the network is set up, using the "New Settings" menus, under "Network" -> "Settings" -> "System Settings" -> "Controller Configuration" -> "Device SSH Authentication". A userid, password and SSL keys can be setup here.  These will be provisioned to each UniFi networking device on the network that this controller adopts.
+
The other SSH configuration that the UDM uses to provision other UniFi devices on the network is set up, using the "New Settings" menus, under "Network" -> "Settings" -> "System Settings" -> "Controller Configuration" -> "Device SSH Authentication". A userid, password and SSH keys can be set up here.  These will be provisioned to each UniFi networking device that this controller adopts.
  
 
==Setting A Persistent SSH Key For The root User==
 
==Setting A Persistent SSH Key For The root User==
  
Setting the login key requires that we add our SSH key to the <code>/root/.ssh/authorized_keys</code> file.  The trouble is that this file gets wiped and restored every time the UDM reboots, causing it to lose the changes we make.  We will use the [https://github.com/boostchicken/udm-utilities/tree/master/on-boot-script on-boot-script] utility from the [https://github.com/boostchicken/udm-utilities udm-utilities] package on GitHub to overcome this issue.  It will restore our SSH key to the <code>/root/.ssh/authorized_keys</code> each time the UDM reboots.
+
As one might expect, setting the login key requires that we add our SSH key to the <code>/root/.ssh/authorized_keys</code> file.  The trouble is that this file gets wiped and restored every time the UDM reboots, causing it to lose any changes we make.  We will use the [https://github.com/boostchicken/udm-utilities/tree/master/on-boot-script on-boot-script] utility from the [https://github.com/boostchicken/udm-utilities udm-utilities] package on GitHub to overcome this issue.  It will restore our SSH key to the <code>/root/.ssh/authorized_keys</code> file each time the UDM reboots.
  
 
As root on the UDM do:
 
As root on the UDM do:
Line 22: Line 22:
 
Copy the [https://github.com/boostchicken/udm-utilities/blob/master/on-boot-script/examples/udm-files/on_boot.d/15-add-root-ssh-key.sh 15-add-root-ssh-key.sh] file to <code>/mnt/data/on-boot.d/</code> and put the public SSH key into it.  Either run that script manually, or reboot the UDM to populate the <code>/root/.ssh/authorized_keys</code> file with the SSH key.
 
Copy the [https://github.com/boostchicken/udm-utilities/blob/master/on-boot-script/examples/udm-files/on_boot.d/15-add-root-ssh-key.sh 15-add-root-ssh-key.sh] file to <code>/mnt/data/on-boot.d/</code> and put the public SSH key into it.  Either run that script manually, or reboot the UDM to populate the <code>/root/.ssh/authorized_keys</code> file with the SSH key.
  
Logons from the client using the default SSH configuration will fail.  To fix this, add a stanza to the <code>~/.ssh/config</code> file, setting ''udm-hostname'' to be the host name or IP address that you use with the ssh command:
+
==I've Set A SSH Key But Logins Still Prompt For A Password==
 +
 
 +
Running the <code>ssh</code> command with the <code>-v</code> option may reveal that this is due to a mismatch in the encryption algorithms that the SSH server and client are set up to use (ex. Fedora 33.) To fix this, add a stanza to the <code>~/.ssh/config</code> file on the client, with ''udm-hostname'' set to the host name or IP address that is used with the ssh command:
 
     Host ''udm-hostname''
 
     Host ''udm-hostname''
 
         User root
 
         User root
 
         PubkeyAcceptedKeyTypes +ssh-rsa
 
         PubkeyAcceptedKeyTypes +ssh-rsa
 +
 +
__NOTOC__
 +
[[Category: Linux]]
 +
[[Category: Networking]]
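
Review bot: the new troubleshooting paragraph describes the failure as a mismatch in "encryption algorithms", but the option the stanza sets, PubkeyAcceptedKeyTypes, controls which public key types the client will offer for authentication, so the sentence should say key types rather than encryption. It would also help to state in the text that the option is placed under the Host entry for the UDM, as the stanza shows, so that readers do not copy it into a global section of ~/.ssh/config.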

Latest revision as of 14:34, 19 January 2021

SSH In The Admin UI

The UDM has two different SSH configurations: one that allows login to the UDM itself, and another that the UDM provisions onto the other UniFi network devices it adopts so that you can log in to them directly.

The one that allows logins to the UDM itself only supports userid/password authentication out of the box. We want to add public key authentication to that so that we don't have to enter a password every time we log in. But first we must enable the SSH service through the admin UI:

  1. Click through "Settings" -> "Advanced" from the bottom of the main UI window
  2. Turn on "SSH" and set a password. SSH login for the "root" user is now possible using this password.

The other SSH configuration, which the UDM provisions onto other UniFi devices on the network, is set up using the "New Settings" menus under "Network" -> "Settings" -> "System Settings" -> "Controller Configuration" -> "Device SSH Authentication". A userid, password and SSH keys can be set up here. These will be provisioned to each UniFi networking device that this controller adopts.

Setting A Persistent SSH Key For The root User

As one might expect, setting the login key requires that we add our SSH key to the /root/.ssh/authorized_keys file. The trouble is that this file gets wiped and restored every time the UDM reboots, causing it to lose any changes we make. We will use the on-boot-script utility from the udm-utilities package on GitHub to overcome this issue. It will restore our SSH key to the /root/.ssh/authorized_keys file each time the UDM reboots.

As root on the UDM, run:

   # unifi-os shell
   # curl -L https://raw.githubusercontent.com/boostchicken/udm-utilities/master/on-boot-script/packages/udm-boot_1.0.2_all.deb -o udm-boot_1.0.2_all.deb
   # dpkg -i udm-boot_1.0.2_all.deb
   # exit

Copy the 15-add-root-ssh-key.sh file to /mnt/data/on-boot.d/ and put the public SSH key into it. Either run that script manually, or reboot the UDM to populate the /root/.ssh/authorized_keys file with the SSH key.
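
The persistence step described above, as an added sketch (not the udm-utilities project's own 15-add-root-ssh-key.sh): a function an on-boot script could call to put a public key back into authorized_keys idempotently and with the permissions sshd expects. The function name ensure_root_key and the key in the usage comment are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not the udm-utilities script. ensure_root_key is a
# hypothetical helper name; the key in the usage comment is constructed.
#
# Usage (from a script in /mnt/data/on-boot.d/):
#   ensure_root_key /root/.ssh/authorized_keys \
#       "ssh-rsa AAAAB3NzaC1yc2EXAMPLEONLY admin@workstation"

# ensure_root_key AUTH_FILE PUBLIC_KEY
# Appends PUBLIC_KEY to AUTH_FILE unless that exact line is already present.
# Returns 0 on success, 1 on a filesystem error, 2 when PUBLIC_KEY does not
# look like a single OpenSSH public key line.
ensure_root_key() {
    auth_file=$1
    pub_key=$2

    # Reject multi-line input, so a pasted private key or PEM blob never
    # ends up in authorized_keys.
    case $pub_key in
        *"
"*) return 2 ;;
    esac
    # Accept only "type base64 [comment]" for the common key types.
    case $pub_key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) return 2 ;;
    esac

    # sshd ignores authorized_keys when the directory or file is writable
    # by others, so set the modes explicitly on every run.
    ssh_dir=$(dirname "$auth_file")
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    [ -e "$auth_file" ] || : > "$auth_file" || return 1
    chmod 600 "$auth_file" || return 1

    # -x matches the whole line, -F treats the key as a fixed string:
    # running this on every boot never duplicates the entry.
    if ! grep -qxF -- "$pub_key" "$auth_file"; then
        # If the restored file lacks a final newline, add one first so the
        # new key does not get glued onto the previous entry.
        if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
            printf '\n' >> "$auth_file" || return 1
        fi
        printf '%s\n' "$pub_key" >> "$auth_file" || return 1
    fi
    return 0
}
```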

I've Set An SSH Key But Logins Still Prompt For A Password

Running the ssh command with the -v option may reveal that this is due to a mismatch in the encryption algorithms that the SSH server and client are set up to use (e.g. on Fedora 33). Because the option below sits inside a Host stanza, it applies only to connections to that host. To fix the mismatch, add a stanza to the ~/.ssh/config file on the client, with udm-hostname set to the host name or IP address that is used with the ssh command:

   Host udm-hostname
       User root
       PubkeyAcceptedKeyTypes +ssh-rsa
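
A way to confirm the stanza took effect, as an added example that is not part of the original page: `ssh -G` prints the client's effective configuration for a host, and the function below checks that output for `ssh-rsa` in the accepted public key list. The function name accepts_ssh_rsa is an assumption; newer OpenSSH releases print the keyword as pubkeyacceptedalgorithms, so both spellings are handled.

```shell
#!/bin/sh
# Added example. accepts_ssh_rsa is a hypothetical helper name.
#
# Usage on the client:
#   ssh -G udm-hostname | accepts_ssh_rsa && echo "ssh-rsa offered to the UDM"
#   ssh -G some-other-host | accepts_ssh_rsa || echo "other hosts unchanged"

# accepts_ssh_rsa
# Reads `ssh -G <host>` output on stdin. Returns 0 when the effective
# accepted public key list contains the exact entry "ssh-rsa", 1 otherwise.
accepts_ssh_rsa() {
    awk '
        # ssh -G prints keywords in lower case, one "keyword value" per line.
        $1 == "pubkeyacceptedkeytypes" || $1 == "pubkeyacceptedalgorithms" {
            n = split($2, algs, ",")
            for (i = 1; i <= n; i++) {
                # Exact match only: rsa-sha2-256 or
                # ssh-rsa-cert-v01@openssh.com must not count as ssh-rsa.
                if (algs[i] == "ssh-rsa") found = 1
            }
        }
        END { exit (found ? 0 : 1) }
    '
}
```

Running it against the UDM host and against an unrelated host shows whether the relaxed setting is confined to the UDM stanza.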