SSH key authentication not only provides a more convenient way to logging into your EdgeRouter X, but is also more secure because the private key replaces the need of a password and thus is typically more difficult to brute force.
The below steps will show how to generate a SSH key, add it to the router, and then disable password authentication so that only the key-pair can be used to login.
How to setup SSH based authentication on EdgeRouter X
Better secure your Ubiquiti EdgeRouter X using SSH login certificates!
- Open PuTTYGen.exe and click on Generate to create the public and private key pair.
- Click on “Save public key” naming it edgerouter.pub then click on “Save private key” naming it edgerouter-pri.ppk
- Open PuTTY and log into your EdgeRouter X using your username and password and then type:
- Create the public key file by typing:
- Enter VI Insert mode by pressing i and paste your public key from the PuTTYGen “public key for pasting into OpenSSH authorized_keys file” field and then press ESC and ZZ to exit insert mode and save and exit VI.
- Load your key file into your configuration by typing the following:
loadkey ACCOUNT_NAME edgerouter.pub
- Lets disable password authentication so that only the RSA-Key pair is allowed to log into the EdgeRouter by typing:
set service ssh disable-password-authentication
- Now lets commit and save our work.
Configure PuTTY to use the SSH certificate
- Open PuTTY and enter the host IP and port number as you normally would.
- Next expand SSH, then click on Auth and click the Browse button and enter the path of the edgerouter-pri.ppk file.
- When you click on “Open” your SSH session will no longer ask for your password and instead auto login using the SSH private certificate key!
Re-enable password authentication on the EdgeRouter X
If for some reason you no longer want to use the SSH certificate and go back to using passwords to login you can do so very easily by following the below.
- Login in SSH using PuTTY and type:
- Then type:
delete service ssh disable-password-authentication
- Then type commit , save , then exit