How to enable SSH auto login on Ubiquiti EdgeRouter X

Home Lab

edgerouter ssh key auto login

SSH key authentication not only provides a more convenient way to logging into your EdgeRouter X, but is also more secure because the private key replaces the need of a password and thus is typically more difficult to brute force.

The below steps will show how to generate a SSH key, add it to the router, and then disable password authentication so that only the key-pair can be used to login.

How to setup SSH based authentication on EdgeRouter X

Better secure your Ubiquiti EdgeRouter X using SSH login certificates!

  1. Open PuTTYGen.exe and click on Generate to create the public and private key pair.
    edgerouterx ssh key generate
  2. Click on “Save public key” naming it edgerouter.pub then click on “Save private key” naming it edgerouter-pri.ppk
    edgerouter ssh key save keys
  3. Open PuTTY and log into your EdgeRouter X using your username and password and then type: 
    configure

    edgerouter ssh key configure

  4. Create the public key file by typing: 
    vi edgerouter.pub

    edgerouter ssh key create key file

  5. Enter VI Insert mode by pressing i and paste your public key from the PuTTYGen “public key for pasting into OpenSSH authorized_keys file” field and then press ESC and ZZ to exit insert mode and save and exit VI.
  6. Load your key file into your configuration by typing the following: 
    loadkey ACCOUNT_NAME edgerouter.pub

    edgerouter ssh key loadkey

  7. Lets disable password authentication so that only the RSA-Key pair is allowed to log into the EdgeRouter by typing: 
    set service ssh disable-password-authentication

    edgerouter ssh key disable password

  8. Now lets commit and save our work.
    edgerouter ssh key commit save

Configure PuTTY to use the SSH certificate

  1. Open PuTTY and enter the host IP and port number as you normally would.
    edgerouter ssh key host name
  2. Next expand SSH, then click on Auth and click the Browse button and enter the path of the edgerouter-pri.ppk file.
    edgerouter ssh key putty key
  3. When you click on “Open” your SSH session will no longer ask for your password and instead auto login using the SSH private certificate key!
    edgerouter ssh key success
Re-enable password authentication on the EdgeRouter X

If for some reason you no longer want to use the SSH certificate and go back to using passwords to login you can do so very easily by following the below.

  1. Login in SSH using PuTTY and type: 
    configure
  2. Then type: 
    delete service ssh disable-password-authentication

    edgerouter enable password authentication

  3. Then type commit , save , then exit

Similar Posts

  • Crucial 16GB memory, perfect for Intel NUC

    Home Lab
    0 Comments

    crucial 16gb 204pin memory

    I’m a huge fan the of Intel NUC‘s for a VMware home lab. In fact I just recently picked up my third Intel NUC to give me more head room for a small VMware Horizon (View) environment at home.

    I typically use G.Skill memory in my NUC’s as I’ve had great luck with the brand in my desktop and laptop for years. However G.Skill has been increasing in price which made me look around for alternatives and came across Crucial DDR3 204-pin memory for less money, but days after I purchased it they too went up in price. However they are now back on sale and cost about $50 less then the G.Skill memory I have been using in my first two NUC’s.

    I’ve been using the Crucial memory now for the last several months without any problems and even though they are rated at a lower voltage I can’t say I really see any difference in power savings or consumption compared to the G.Skill 1.5V. If you’re looking to upgrade now might be a good time to take advantage of the sale price.

  • Running Ubiquiti UniFi controller in Docker on Synology NAS

    Synology
    43 Comments

    Recently I posted how to run the Ubiquiti UniFi Controller in the cloud using services like Linode, Vultr, or DigitalOcean. However, a few people has asked if I could post instructions on how to run the UniFi controller in Docker, similar how I have CrashPlan running in Docker.

    For the steps below I’ll be using my Synology DS1815+ NAS which is compatible to run Docker. If you’re unsure if your model support docker or not you can check here.

    Read More “Running Ubiquiti UniFi controller in Docker on Synology NAS”

  • How to perform Instant File Recovery using NAKIVO Backup

    Home Lab
    0 Comments

    NAKIVO Backup has been a great addition in my home lab and just a few months ago I wrote about my first impressions of NAKIVO Backup. Now I have a few posts lined up to highlight some individual features of NAKIVO Backup, starting with Instant File Recovery.

    If you haven’t already guessed it, Instant File Recovery allows you to recover files or folders directly from a previous backup job. This is a great alternative to performing a full restore of a VM when all you might need is a single or even a couple of files and/or folders.

    Read More “How to perform Instant File Recovery using NAKIVO Backup”

  • Secure your Synology NAS, install a SSL certificate

    Home Lab
    154 Comments

    I’ve been using the default setup on my Synology DS412+ with HTTPS enabled for a while now but knew it really wasn’t all that secure without a proper SSL certificate and creating a self-signed certificated isn’t all the much better and can be easily forged. I decided it was about time I used a “real” certificate to better secure the NAS.

    Prerequisites before starting

    • You need to own a domain name, for example MikeTabor.com and be able to receive email from the domain name.
      If you don’t already have a webhost for the domain, I’d suggest BlueHost.

    • You also need a DDNS service setup. In this case and for my use, I simply use the Synology DDNS service they offer for free.
    • With those two setup, you will also want to add a CNAME DNS forward from your domain (or subdomain if you wish to go that route) to your DDNS service.
    • Finally you’ll want to make sure Port Forwarding has been configured on your router.

    Read More “Secure your Synology NAS, install a SSL certificate”

  • My VMware ESXi Home Lab Upgrade

    Home Lab
    39 Comments

    Although the focus in my career right now is certainly more cloud focused in Amazon Web Services and Azure, I still use my home lab a lot.

    For the last 5+ years my home lab had consisted of using 3x Intel NUC’s (i5 DC53427HYE), a Synology NAS for shared storage and an HP ProCurve switch. This setup served me well for most of those years. It has allowed me to get many of the certifications I have, progress in my career and have fun as well.

    At the start of this year I decided it was time to give the home lab an overhaul. At first I looked at the newest generation of Intel NUC’s but really wasn’t looking forward to dropping over $1,300 on just partial compute (I’d still need to be RAM for each of the 3 NUC’s). I also wanted something that just worked, no more fooling around with network adapter drivers or doing this tweak or that tweak.

    I also no longer needed to be concerned about something that had a tiny footprint. I also questioned if I really needed multiple physical ESXi hosts. My home lab isn’t running anything mission critical and if I really wanted I could always build additional nested VMware ESXi hosts on one powerful machine if I needed.

    So in the end, the below is what I settled on. Replacing all of my compute, most of my networking and adding more storage!

    Read More “My VMware ESXi Home Lab Upgrade”

  • VMware ESXi 5 fails to install on Intel NUC, “No Network Adapters” error

    Home Lab
    0 Comments

    If you use the VMware ESXi 5 ISO image and try to install it on an Intel NUC you’ll receive the following error during the install.

    No Network Adapters

    No network adapters were detected. Either no network adapters are physically connected to the system, or a suitable driver could not be located. A third party driver my be required.

    Ensure that there is at least one network adapter physically connected to the system before attempting installation. If the problem persists, consult the VMware Knowledge Base.

    The “No Network Adapters” on the Intel NUC error message during the ESXi install is because VMware removed a number of drivers (non-enterprise drivers) from their ESXi 5.x image and in order to use the Intel NUC as an ESXi host you need to create a customized ESXi image with the NIC drivers added to the image.

    Read More “VMware ESXi 5 fails to install on Intel NUC, “No Network Adapters” error”

Leave a Reply

Your email address will not be published. Required fields are marked *

5 Comments

  1. so following “exactly” as shown gets all muddied up at Step: “vi edgerouter.pub” I am logged into my ERX via Putty successfully, BUT then it goes south….. Once I do that the putty app will not “esc zz” or save. The console will not take any commands. WTF. where is the mistyped info? referring to your instructions. I am literally reproducing steps exactly. not working, noWayJose

    Reply

    1. If I had a dollar for every time I heard someone couldn’t exit out of VI I would be a rich man. haha

      If you’re pressing the ESC key and then typing “zz” then you’re doing it wrong. As it’s mentioned in the above post it’s “ZZ” (take super special note of the CAPS). In VI zz and ZZ does NOT mean the same. ;-)

      -Michael

      Reply

  2. Hi Mike,
    I’ve added the authentication method to my laptop and disabled username/login, now I can easily connect. However, if I wanted to access my router from another computer, it would require me to copy that secret key over to the new computer?
    Lastly, if my laptop dies, how would I regain access to the router again? Would this require a physical connection into eth0 to regain control?
    Thanks!

    Reply

    1. Bruce,

      Yes you need to store your private key in a secure location and I would highly suggest backing it up. I like to keep all my SSH keys in an encrypted container that gets backed up on my NAS and to Backblaze.

      -Michael

      Reply