How to enable SSH auto login on Ubiquiti EdgeRouter X

edgerouter ssh key auto login

SSH key authentication not only provides a more convenient way to logging into your EdgeRouter X, but is also more secure because the private key replaces the need of a password and thus is typically more difficult to brute force.

The below steps will show how to generate a SSH key, add it to the router, and then disable password authentication so that only the key-pair can be used to login.

How to setup SSH based authentication on EdgeRouter X

Better secure your Ubiquiti EdgeRouter X using SSH login certificates!

  1. Open PuTTYGen.exe and click on Generate to create the public and private key pair.
    edgerouterx ssh key generate
  2. Click on “Save public key” naming it edgerouter.pub then click on “Save private key” naming it edgerouter-pri.ppk
    edgerouter ssh key save keys
  3. Open PuTTY and log into your EdgeRouter X using your username and password and then type:
    configure

    edgerouter ssh key configure

  4. Create the public key file by typing:
    vi edgerouter.pub

    edgerouter ssh key create key file

  5. Enter VI Insert mode by pressing i and paste your public key from the PuTTYGen “public key for pasting into OpenSSH authorized_keys file” field and then press ESC and ZZ to exit insert mode and save and exit VI.
  6. Load your key file into your configuration by typing the following:
    loadkey ACCOUNT_NAME edgerouter.pub

    edgerouter ssh key loadkey

  7. Lets disable password authentication so that only the RSA-Key pair is allowed to log into the EdgeRouter by typing:
    set service ssh disable-password-authentication

    edgerouter ssh key disable password

  8. Now lets commit and save our work.
    edgerouter ssh key commit save

Configure PuTTY to use the SSH certificate

  1. Open PuTTY and enter the host IP and port number as you normally would.
    edgerouter ssh key host name
  2. Next expand SSH, then click on Auth and click the Browse button and enter the path of the edgerouter-pri.ppk file.
    edgerouter ssh key putty key
  3. When you click on “Open” your SSH session will no longer ask for your password and instead auto login using the SSH private certificate key!
    edgerouter ssh key success
Re-enable password authentication on the EdgeRouter X

If for some reason you no longer want to use the SSH certificate and go back to using passwords to login you can do so very easily by following the below.

  1. Login in SSH using PuTTY and type:
    configure
  2. Then type:
    delete service ssh disable-password-authentication

    edgerouter enable password authentication

  3. Then type commit , save , then exit

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

4 Comments

  1. so following “exactly” as shown gets all muddied up at Step: “vi edgerouter.pub” I am logged into my ERX via Putty successfully, BUT then it goes south….. Once I do that the putty app will not “esc zz” or save. The console will not take any commands. WTF. where is the mistyped info? referring to your instructions. I am literally reproducing steps exactly. not working, noWayJose

    1. If I had a dollar for every time I heard someone couldn’t exit out of VI I would be a rich man. haha

      If you’re pressing the ESC key and then typing “zz” then you’re doing it wrong. As it’s mentioned in the above post it’s “ZZ” (take super special note of the CAPS). In VI zz and ZZ does NOT mean the same. ;-)

      -Michael

  2. Hi Mike,
    I’ve added the authentication method to my laptop and disabled username/login, now I can easily connect. However, if I wanted to access my router from another computer, it would require me to copy that secret key over to the new computer?
    Lastly, if my laptop dies, how would I regain access to the router again? Would this require a physical connection into eth0 to regain control?
    Thanks!

    1. Bruce,

      Yes you need to store your private key in a secure location and I would highly suggest backing it up. I like to keep all my SSH keys in an encrypted container that gets backed up on my NAS and to Backblaze.

      -Michael