How to enable SSH auto login on Ubiquiti EdgeRouter X

Home Lab

edgerouter ssh key auto login

SSH key authentication not only provides a more convenient way to logging into your EdgeRouter X, but is also more secure because the private key replaces the need of a password and thus is typically more difficult to brute force.

The below steps will show how to generate a SSH key, add it to the router, and then disable password authentication so that only the key-pair can be used to login.

How to setup SSH based authentication on EdgeRouter X

Better secure your Ubiquiti EdgeRouter X using SSH login certificates!

  1. Open PuTTYGen.exe and click on Generate to create the public and private key pair.
    edgerouterx ssh key generate
  2. Click on “Save public key” naming it edgerouter.pub then click on “Save private key” naming it edgerouter-pri.ppk
    edgerouter ssh key save keys
  3. Open PuTTY and log into your EdgeRouter X using your username and password and then type: 
    configure

    edgerouter ssh key configure

  4. Create the public key file by typing: 
    vi edgerouter.pub

    edgerouter ssh key create key file

  5. Enter VI Insert mode by pressing i and paste your public key from the PuTTYGen “public key for pasting into OpenSSH authorized_keys file” field and then press ESC and ZZ to exit insert mode and save and exit VI.
  6. Load your key file into your configuration by typing the following: 
    loadkey ACCOUNT_NAME edgerouter.pub

    edgerouter ssh key loadkey

  7. Lets disable password authentication so that only the RSA-Key pair is allowed to log into the EdgeRouter by typing: 
    set service ssh disable-password-authentication

    edgerouter ssh key disable password

  8. Now lets commit and save our work.
    edgerouter ssh key commit save

Configure PuTTY to use the SSH certificate

  1. Open PuTTY and enter the host IP and port number as you normally would.
    edgerouter ssh key host name
  2. Next expand SSH, then click on Auth and click the Browse button and enter the path of the edgerouter-pri.ppk file.
    edgerouter ssh key putty key
  3. When you click on “Open” your SSH session will no longer ask for your password and instead auto login using the SSH private certificate key!
    edgerouter ssh key success
Re-enable password authentication on the EdgeRouter X

If for some reason you no longer want to use the SSH certificate and go back to using passwords to login you can do so very easily by following the below.

  1. Login in SSH using PuTTY and type: 
    configure
  2. Then type: 
    delete service ssh disable-password-authentication

    edgerouter enable password authentication

  3. Then type commit , save , then exit

Similar Posts

  • Crucial 16GB memory, perfect for Intel NUC

    Home Lab
    0 Comments

    crucial 16gb 204pin memory

    I’m a huge fan the of Intel NUC‘s for a VMware home lab. In fact I just recently picked up my third Intel NUC to give me more head room for a small VMware Horizon (View) environment at home.

    I typically use G.Skill memory in my NUC’s as I’ve had great luck with the brand in my desktop and laptop for years. However G.Skill has been increasing in price which made me look around for alternatives and came across Crucial DDR3 204-pin memory for less money, but days after I purchased it they too went up in price. However they are now back on sale and cost about $50 less then the G.Skill memory I have been using in my first two NUC’s.

    I’ve been using the Crucial memory now for the last several months without any problems and even though they are rated at a lower voltage I can’t say I really see any difference in power savings or consumption compared to the G.Skill 1.5V. If you’re looking to upgrade now might be a good time to take advantage of the sale price.

  • Synology DSM 5.1-5021 update released

    Home Lab
    0 Comments

    Synology

    Synology released DSM 5.1-5021 update as well as Cloud Station 3.1-3320 today. This update includes all the updates since 5.1-5004 as well as fixes for a number of vulnerabilities in PHP, OpenVPN, and other security improvements. DSM 5.1-5004 also improves Amazon S3 backup stability along with a number of other fixes and improvements.

    Read More “Synology DSM 5.1-5021 update released”

  • VMware ESXi 5 fails to install on Intel NUC, “No Network Adapters” error

    Home Lab
    0 Comments

    If you use the VMware ESXi 5 ISO image and try to install it on an Intel NUC you’ll receive the following error during the install.

    No Network Adapters

    No network adapters were detected. Either no network adapters are physically connected to the system, or a suitable driver could not be located. A third party driver my be required.

    Ensure that there is at least one network adapter physically connected to the system before attempting installation. If the problem persists, consult the VMware Knowledge Base.

    The “No Network Adapters” on the Intel NUC error message during the ESXi install is because VMware removed a number of drivers (non-enterprise drivers) from their ESXi 5.x image and in order to use the Intel NUC as an ESXi host you need to create a customized ESXi image with the NIC drivers added to the image.

    Read More “VMware ESXi 5 fails to install on Intel NUC, “No Network Adapters” error”

  • Intel NUC i5 5th Generation an ESXi lab improvement

    Home Lab
    18 Comments

    Intel NUC BLKNUC5I5MYHE 5th gen

    For the past year and a half I’ve been using the Intel i5 3rd Gen NUC’s in my ESXi home lab with great success. In this time several people have asked if I recommend anything newer, and while Intel had a few 4th gen models I wasn’t really sold on them as most CPU benchmarks put them the same as my 3rd gen or lower and only added support for a 2.5″ drive which at the time I didn’t need but then Intel released news about several Intel NUC 5th generation models!

    Read More “Intel NUC i5 5th Generation an ESXi lab improvement”

  • My VMware ESXi Home Lab Upgrade

    Home Lab
    39 Comments

    Although the focus in my career right now is certainly more cloud focused in Amazon Web Services and Azure, I still use my home lab a lot.

    For the last 5+ years my home lab had consisted of using 3x Intel NUC’s (i5 DC53427HYE), a Synology NAS for shared storage and an HP ProCurve switch. This setup served me well for most of those years. It has allowed me to get many of the certifications I have, progress in my career and have fun as well.

    At the start of this year I decided it was time to give the home lab an overhaul. At first I looked at the newest generation of Intel NUC’s but really wasn’t looking forward to dropping over $1,300 on just partial compute (I’d still need to be RAM for each of the 3 NUC’s). I also wanted something that just worked, no more fooling around with network adapter drivers or doing this tweak or that tweak.

    I also no longer needed to be concerned about something that had a tiny footprint. I also questioned if I really needed multiple physical ESXi hosts. My home lab isn’t running anything mission critical and if I really wanted I could always build additional nested VMware ESXi hosts on one powerful machine if I needed.

    So in the end, the below is what I settled on. Replacing all of my compute, most of my networking and adding more storage!

    Read More “My VMware ESXi Home Lab Upgrade”

  • Installing DD-WRT on an ASUS RT-AC66U router

    Home Lab
    54 Comments

    I recently upgraded my EnGenius ESR-750H wireless N router to an Asus RT-AC66U wireless AC router. The EnGenius router has been pretty good for me but basic and no support for other firmware. The Asus RT-AC66U not only has a number of added features and support for 802.11ac, it also doesn’t seem to be plagued with the port 32764 bug or the Linksys “TheMoon” virus that’s been going around on select Linksys models, but the Asus also has a number of firmware options that can be used with this router such as Merlin, Tomato, and DD-WRT.

    I’ve used DD-WRT in the past with other routers and had great success and decided to go that route with my new AC66U router as well.

    How to install DD-WRT on Asus RT-AC66U

    Read More “Installing DD-WRT on an ASUS RT-AC66U router”

Leave a Reply

Your email address will not be published. Required fields are marked *

5 Comments

  1. so following “exactly” as shown gets all muddied up at Step: “vi edgerouter.pub” I am logged into my ERX via Putty successfully, BUT then it goes south….. Once I do that the putty app will not “esc zz” or save. The console will not take any commands. WTF. where is the mistyped info? referring to your instructions. I am literally reproducing steps exactly. not working, noWayJose

    Reply

    1. If I had a dollar for every time I heard someone couldn’t exit out of VI I would be a rich man. haha

      If you’re pressing the ESC key and then typing “zz” then you’re doing it wrong. As it’s mentioned in the above post it’s “ZZ” (take super special note of the CAPS). In VI zz and ZZ does NOT mean the same. ;-)

      -Michael

      Reply

  2. Hi Mike,
    I’ve added the authentication method to my laptop and disabled username/login, now I can easily connect. However, if I wanted to access my router from another computer, it would require me to copy that secret key over to the new computer?
    Lastly, if my laptop dies, how would I regain access to the router again? Would this require a physical connection into eth0 to regain control?
    Thanks!

    Reply

    1. Bruce,

      Yes you need to store your private key in a secure location and I would highly suggest backing it up. I like to keep all my SSH keys in an encrypted container that gets backed up on my NAS and to Backblaze.

      -Michael

      Reply