How to enable SSH auto login on Ubiquiti EdgeRouter X


SSH key authentication not only provides a more convenient way to log into your EdgeRouter X, but is also more secure because the private key replaces the password and is typically much more difficult to brute force.

The steps below show how to generate an SSH key pair, add the public key to the router, and then disable password authentication so that only the key pair can be used to log in.

How to set up SSH key-based authentication on EdgeRouter X

Better secure your Ubiquiti EdgeRouter X using SSH login keys!

  1. Open PuTTYGen.exe and click on Generate to create the public and private key pair.
  2. Click on “Save public key” naming it edgerouter.pub then click on “Save private key” naming it edgerouter-pri.ppk
  3. Open PuTTY and log into your EdgeRouter X using your username and password and then type:
    configure

  4. Create the public key file by typing:
    vi edgerouter.pub

  5. Enter vi insert mode by pressing i and paste your public key from the PuTTYGen “public key for pasting into OpenSSH authorized_keys file” field. Then press ESC to leave insert mode and type ZZ (capital letters) to save and exit vi.
  6. Load your key file into your configuration by typing the following:
    loadkey ACCOUNT_NAME edgerouter.pub

  7. Let's disable password authentication so that only the RSA key pair is allowed to log into the EdgeRouter by typing:
    set service ssh disable-password-authentication

  8. Now let's commit and save our work by typing commit, then save.
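
A check worth running on the text pasted in step 5 before loading it in step 6, as an added example that is not part of the original post: PuTTYgen's “Save public key” button writes the multi-line RFC 4716 format, whereas step 5 pastes the single-line OpenSSH form. The function and sample names below are hypothetical, and the sample key is constructed (structurally valid, not a usable RSA key); the returned fingerprint uses the same SHA256 form that `ssh-keygen -lf` prints.

```python
import base64
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (4-byte length + data)."""
    return struct.pack(">I", len(data)) + data

# Constructed sample: structurally valid ssh-rsa blob, NOT a usable RSA key.
SAMPLE_BLOB = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") \
    + ssh_string(b"\x00" + b"\xc3" * 256)
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " constructed-key"

def check_pubkey(text: str):
    """Validate the text pasted into edgerouter.pub.

    Returns (key_type, sha256_fingerprint); raises ValueError with the reason.
    """
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if lines and lines[0].startswith("---- BEGIN SSH2 PUBLIC KEY"):
        raise ValueError("RFC 4716 file (PuTTYgen 'Save public key'); "
                         "use the one-line OpenSSH form from step 5")
    if len(lines) != 1:
        raise ValueError(f"expected 1 line, found {len(lines)}; "
                         "the key was probably wrapped or truncated in vi")
    fields = lines[0].split(None, 2)
    if len(fields) < 2:
        raise ValueError("missing key type or base64 body")
    key_type, body = fields[0], fields[1]
    try:
        blob = base64.b64decode(body, validate=True)
        (n,) = struct.unpack(">I", blob[:4])
    except (ValueError, struct.error) as exc:
        raise ValueError(f"key body is damaged: {exc}") from None
    # The blob starts with its own copy of the key type; both must agree.
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type prefix does not match the key blob")
    digest = hashlib.sha256(blob).digest()
    return key_type, "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

if __name__ == "__main__":
    print(check_pubkey(SAMPLE_LINE))
```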

Configure PuTTY to use the SSH private key

  1. Open PuTTY and enter the host IP and port number as you normally would.
  2. Next expand SSH, then click on Auth and click the Browse button and enter the path of the edgerouter-pri.ppk file.
  3. When you click on “Open”, your SSH session will no longer ask for your password and will instead log in automatically using the SSH private key!

Re-enable password authentication on the EdgeRouter X

If for some reason you no longer want to use the SSH key and want to go back to using passwords to log in, you can do so very easily by following the steps below.

  1. Log in over SSH using PuTTY and type:
    configure
  2. Then type:
    delete service ssh disable-password-authentication

  3. Then type commit, save, then exit.


5 Comments

  1. so following “exactly” as shown gets all muddied up at Step: “vi edgerouter.pub” I am logged into my ERX via Putty successfully, BUT then it goes south….. Once I do that the putty app will not “esc zz” or save. The console will not take any commands. WTF. where is the mistyped info? referring to your instructions. I am literally reproducing steps exactly. not working, noWayJose

    1. If I had a dollar for every time I heard someone couldn’t exit out of VI I would be a rich man. haha

      If you’re pressing the ESC key and then typing “zz” then you’re doing it wrong. As it’s mentioned in the above post it’s “ZZ” (take super special note of the CAPS). In VI zz and ZZ do NOT mean the same. ;-)

      -Michael

  2. Hi Mike,
    I’ve added the authentication method to my laptop and disabled username/login, now I can easily connect. However, if I wanted to access my router from another computer, it would require me to copy that secret key over to the new computer?
    Lastly, if my laptop dies, how would I regain access to the router again? Would this require a physical connection into eth0 to regain control?
    Thanks!

    1. Bruce,

      Yes you need to store your private key in a secure location and I would highly suggest backing it up. I like to keep all my SSH keys in an encrypted container that gets backed up on my NAS and to Backblaze.

      -Michael