How to enable SSH auto login on Ubiquiti EdgeRouter X

Home Lab

edgerouter ssh key auto login

SSH key authentication not only provides a more convenient way to logging into your EdgeRouter X, but is also more secure because the private key replaces the need of a password and thus is typically more difficult to brute force.

The below steps will show how to generate a SSH key, add it to the router, and then disable password authentication so that only the key-pair can be used to login.

How to setup SSH based authentication on EdgeRouter X

Better secure your Ubiquiti EdgeRouter X using SSH login certificates!

  1. Open PuTTYGen.exe and click on Generate to create the public and private key pair.
    edgerouterx ssh key generate
  2. Click on “Save public key” naming it edgerouter.pub then click on “Save private key” naming it edgerouter-pri.ppk
    edgerouter ssh key save keys
  3. Open PuTTY and log into your EdgeRouter X using your username and password and then type: 
    configure

    edgerouter ssh key configure

  4. Create the public key file by typing: 
    vi edgerouter.pub

    edgerouter ssh key create key file

  5. Enter VI Insert mode by pressing i and paste your public key from the PuTTYGen “public key for pasting into OpenSSH authorized_keys file” field and then press ESC and ZZ to exit insert mode and save and exit VI.
  6. Load your key file into your configuration by typing the following: 
    loadkey ACCOUNT_NAME edgerouter.pub

    edgerouter ssh key loadkey

  7. Lets disable password authentication so that only the RSA-Key pair is allowed to log into the EdgeRouter by typing: 
    set service ssh disable-password-authentication

    edgerouter ssh key disable password

  8. Now lets commit and save our work.
    edgerouter ssh key commit save

Configure PuTTY to use the SSH certificate

  1. Open PuTTY and enter the host IP and port number as you normally would.
    edgerouter ssh key host name
  2. Next expand SSH, then click on Auth and click the Browse button and enter the path of the edgerouter-pri.ppk file.
    edgerouter ssh key putty key
  3. When you click on “Open” your SSH session will no longer ask for your password and instead auto login using the SSH private certificate key!
    edgerouter ssh key success
Re-enable password authentication on the EdgeRouter X

If for some reason you no longer want to use the SSH certificate and go back to using passwords to login you can do so very easily by following the below.

  1. Login in SSH using PuTTY and type: 
    configure
  2. Then type: 
    delete service ssh disable-password-authentication

    edgerouter enable password authentication

  3. Then type commit , save , then exit

Similar Posts

  • VMware ESXi 5 fails to install on Intel NUC, “No Network Adapters” error

    Home Lab
    0 Comments

    If you use the VMware ESXi 5 ISO image and try to install it on an Intel NUC you’ll receive the following error during the install.

    No Network Adapters

    No network adapters were detected. Either no network adapters are physically connected to the system, or a suitable driver could not be located. A third party driver my be required.

    Ensure that there is at least one network adapter physically connected to the system before attempting installation. If the problem persists, consult the VMware Knowledge Base.

    The “No Network Adapters” on the Intel NUC error message during the ESXi install is because VMware removed a number of drivers (non-enterprise drivers) from their ESXi 5.x image and in order to use the Intel NUC as an ESXi host you need to create a customized ESXi image with the NIC drivers added to the image.

    Read More “VMware ESXi 5 fails to install on Intel NUC, “No Network Adapters” error”

  • How to Upgrade PowerShell 7 to latest version

    Home Lab
    0 Comments

    Have you opened a Windows Terminal and seen a highlighted message stating “A new PowerShell stable release is available …“?

    powershell 7 upgrade prompt

    Well you could go to the link provided in the prompt, download the upgrade and then run it on your machine, or you can quickly and easily upgrade PowerShell 7 directly from the terminal by typing the following command.

    Invoke-Expression "& { $(Invoke-Restmethod https://aka.ms/Install-PowerShell.ps1) } -UseMSI"

    This will automatically download and run the latest version of PowerShell 7 and run the installer for you. See quick and easy!

  • Crucial 16GB memory, perfect for Intel NUC

    Home Lab
    0 Comments

    crucial 16gb 204pin memory

    I’m a huge fan the of Intel NUC‘s for a VMware home lab. In fact I just recently picked up my third Intel NUC to give me more head room for a small VMware Horizon (View) environment at home.

    I typically use G.Skill memory in my NUC’s as I’ve had great luck with the brand in my desktop and laptop for years. However G.Skill has been increasing in price which made me look around for alternatives and came across Crucial DDR3 204-pin memory for less money, but days after I purchased it they too went up in price. However they are now back on sale and cost about $50 less then the G.Skill memory I have been using in my first two NUC’s.

    I’ve been using the Crucial memory now for the last several months without any problems and even though they are rated at a lower voltage I can’t say I really see any difference in power savings or consumption compared to the G.Skill 1.5V. If you’re looking to upgrade now might be a good time to take advantage of the sale price.

  • Use Pi-Hole to block ads on all devices in your network

    Home Lab
    9 Comments

    Sure ad blockers have been around for a long while now, but those are typically only available for your web browsers and not ever device allows you to install them such as cell phones, media players, smart TV’s, etc. I came across a neat project that allows you to block web ads on every device in your network, called Pi-Hole.

    In a nutshell Pi-Hole was developed to run on a Raspberry Pi, but will run on most any Debian based distro, and will act as a DNS server to which you point your devices or router to use as the DNS server so that all requests are filtered through Pi-Hole. Pi-Hole then blocks 100’s of thousands ad domains. All without having to use a single browser extension and for FREE!

    Read More “Use Pi-Hole to block ads on all devices in your network”

  • How to perform Instant File Recovery using NAKIVO Backup

    Home Lab
    0 Comments

    NAKIVO Backup has been a great addition in my home lab and just a few months ago I wrote about my first impressions of NAKIVO Backup. Now I have a few posts lined up to highlight some individual features of NAKIVO Backup, starting with Instant File Recovery.

    If you haven’t already guessed it, Instant File Recovery allows you to recover files or folders directly from a previous backup job. This is a great alternative to performing a full restore of a VM when all you might need is a single or even a couple of files and/or folders.

    Read More “How to perform Instant File Recovery using NAKIVO Backup”

  • Install Synology NFS VAAI Plug-in for VMware

    Home Lab
    4 Comments

    Synology

    In the recent DSM update (5.1), Synology added VMware VAAI support for NFS volumes using two primitives which are Full File Clone and Reserve Space. What do these VAAI primitives offer?

    • Full File Clone enables virtual disks to be cloned by the NAS albeit while the machine is powered off.
    • Reserve Space allows you can create a thick VMDK file. However Reserve Space does not off-load the work to the array. The benefit of thick VMDKs is that many use eager-zero for high I/O performance needs.

    On the Synology side of things you just need to update to DSM 5.1, but in order to take advantage of VAAI you still need to install the VIB plugin on your ESXi 5.5 hosts.

    Read More “Install Synology NFS VAAI Plug-in for VMware”

Leave a Reply

Your email address will not be published. Required fields are marked *

5 Comments

  1. so following “exactly” as shown gets all muddied up at Step: “vi edgerouter.pub” I am logged into my ERX via Putty successfully, BUT then it goes south….. Once I do that the putty app will not “esc zz” or save. The console will not take any commands. WTF. where is the mistyped info? referring to your instructions. I am literally reproducing steps exactly. not working, noWayJose

    Reply

    1. If I had a dollar for every time I heard someone couldn’t exit out of VI I would be a rich man. haha

      If you’re pressing the ESC key and then typing “zz” then you’re doing it wrong. As it’s mentioned in the above post it’s “ZZ” (take super special note of the CAPS). In VI zz and ZZ does NOT mean the same. ;-)

      -Michael

      Reply

  2. Hi Mike,
    I’ve added the authentication method to my laptop and disabled username/login, now I can easily connect. However, if I wanted to access my router from another computer, it would require me to copy that secret key over to the new computer?
    Lastly, if my laptop dies, how would I regain access to the router again? Would this require a physical connection into eth0 to regain control?
    Thanks!

    Reply

    1. Bruce,

      Yes you need to store your private key in a secure location and I would highly suggest backing it up. I like to keep all my SSH keys in an encrypted container that gets backed up on my NAS and to Backblaze.

      -Michael

      Reply