How to enable SSH auto login on Ubiquiti EdgeRouter X

Home Lab

edgerouter ssh key auto login

SSH key authentication not only provides a more convenient way to logging into your EdgeRouter X, but is also more secure because the private key replaces the need of a password and thus is typically more difficult to brute force.

The below steps will show how to generate a SSH key, add it to the router, and then disable password authentication so that only the key-pair can be used to login.

How to setup SSH based authentication on EdgeRouter X

Better secure your Ubiquiti EdgeRouter X using SSH login certificates!

  1. Open PuTTYGen.exe and click on Generate to create the public and private key pair.
    edgerouterx ssh key generate
  2. Click on “Save public key” naming it edgerouter.pub then click on “Save private key” naming it edgerouter-pri.ppk
    edgerouter ssh key save keys
  3. Open PuTTY and log into your EdgeRouter X using your username and password and then type: 
    configure

    edgerouter ssh key configure

  4. Create the public key file by typing: 
    vi edgerouter.pub

    edgerouter ssh key create key file

  5. Enter VI Insert mode by pressing i and paste your public key from the PuTTYGen “public key for pasting into OpenSSH authorized_keys file” field and then press ESC and ZZ to exit insert mode and save and exit VI.
  6. Load your key file into your configuration by typing the following: 
    loadkey ACCOUNT_NAME edgerouter.pub

    edgerouter ssh key loadkey

  7. Lets disable password authentication so that only the RSA-Key pair is allowed to log into the EdgeRouter by typing: 
    set service ssh disable-password-authentication

    edgerouter ssh key disable password

  8. Now lets commit and save our work.
    edgerouter ssh key commit save

Configure PuTTY to use the SSH certificate

  1. Open PuTTY and enter the host IP and port number as you normally would.
    edgerouter ssh key host name
  2. Next expand SSH, then click on Auth and click the Browse button and enter the path of the edgerouter-pri.ppk file.
    edgerouter ssh key putty key
  3. When you click on “Open” your SSH session will no longer ask for your password and instead auto login using the SSH private certificate key!
    edgerouter ssh key success
Re-enable password authentication on the EdgeRouter X

If for some reason you no longer want to use the SSH certificate and go back to using passwords to login you can do so very easily by following the below.

  1. Login in SSH using PuTTY and type: 
    configure
  2. Then type: 
    delete service ssh disable-password-authentication

    edgerouter enable password authentication

  3. Then type commit , save , then exit

Similar Posts

  • How to add Realtek R8168 to ESXi 5.5 Update 2 ISO

    Home Lab
    15 Comments

    Realtek

    Over the past weekend I was working on a whitebox ESXi host and wanted to upgrade it to ESXi 5.5 Update 2 from an older version of ESXi 5.1 using a realtek R8168 network card. While I could have performed an in place upgrade, such as via command line, a clean install was preferred. However, VMware has removed a number of NIC drivers from ESXi 5.x and trying to install with the base ESXi image would result in a “No Network Adapters” error during install.

    In order to do a clean install you have to re-add the Realtek R8168 NIC drivers back into the ESXi 5.5 image, otherwise a NIC will not be found and thus ESXi will not install. These are the steps to easily re-add the Realtek R8168 drivers into ESXi 5.5 ISO by making a custom ESXi 5.5 image.

    Read More “How to add Realtek R8168 to ESXi 5.5 Update 2 ISO”

  • Intel NUC i5 5th Generation an ESXi lab improvement

    Home Lab
    18 Comments

    Intel NUC BLKNUC5I5MYHE 5th gen

    For the past year and a half I’ve been using the Intel i5 3rd Gen NUC’s in my ESXi home lab with great success. In this time several people have asked if I recommend anything newer, and while Intel had a few 4th gen models I wasn’t really sold on them as most CPU benchmarks put them the same as my 3rd gen or lower and only added support for a 2.5″ drive which at the time I didn’t need but then Intel released news about several Intel NUC 5th generation models!

    Read More “Intel NUC i5 5th Generation an ESXi lab improvement”

  • VMware ESXi 5 fails to install on Intel NUC, “No Network Adapters” error

    Home Lab
    0 Comments

    If you use the VMware ESXi 5 ISO image and try to install it on an Intel NUC you’ll receive the following error during the install.

    No Network Adapters

    No network adapters were detected. Either no network adapters are physically connected to the system, or a suitable driver could not be located. A third party driver my be required.

    Ensure that there is at least one network adapter physically connected to the system before attempting installation. If the problem persists, consult the VMware Knowledge Base.

    The “No Network Adapters” on the Intel NUC error message during the ESXi install is because VMware removed a number of drivers (non-enterprise drivers) from their ESXi 5.x image and in order to use the Intel NUC as an ESXi host you need to create a customized ESXi image with the NIC drivers added to the image.

    Read More “VMware ESXi 5 fails to install on Intel NUC, “No Network Adapters” error”

  • Crucial 16GB memory, perfect for Intel NUC

    Home Lab
    0 Comments

    crucial 16gb 204pin memory

    I’m a huge fan the of Intel NUC‘s for a VMware home lab. In fact I just recently picked up my third Intel NUC to give me more head room for a small VMware Horizon (View) environment at home.

    I typically use G.Skill memory in my NUC’s as I’ve had great luck with the brand in my desktop and laptop for years. However G.Skill has been increasing in price which made me look around for alternatives and came across Crucial DDR3 204-pin memory for less money, but days after I purchased it they too went up in price. However they are now back on sale and cost about $50 less then the G.Skill memory I have been using in my first two NUC’s.

    I’ve been using the Crucial memory now for the last several months without any problems and even though they are rated at a lower voltage I can’t say I really see any difference in power savings or consumption compared to the G.Skill 1.5V. If you’re looking to upgrade now might be a good time to take advantage of the sale price.

  • How to Upgrade PowerShell 7 to latest version

    Home Lab
    0 Comments

    Have you opened a Windows Terminal and seen a highlighted message stating “A new PowerShell stable release is available …“?

    powershell 7 upgrade prompt

    Well you could go to the link provided in the prompt, download the upgrade and then run it on your machine, or you can quickly and easily upgrade PowerShell 7 directly from the terminal by typing the following command.

    Invoke-Expression "& { $(Invoke-Restmethod https://aka.ms/Install-PowerShell.ps1) } -UseMSI"

    This will automatically download and run the latest version of PowerShell 7 and run the installer for you. See quick and easy!

  • Secure your Synology NAS, install a SSL certificate

    Home Lab
    154 Comments

    I’ve been using the default setup on my Synology DS412+ with HTTPS enabled for a while now but knew it really wasn’t all that secure without a proper SSL certificate and creating a self-signed certificated isn’t all the much better and can be easily forged. I decided it was about time I used a “real” certificate to better secure the NAS.

    Prerequisites before starting

    • You need to own a domain name, for example MikeTabor.com and be able to receive email from the domain name.
      If you don’t already have a webhost for the domain, I’d suggest BlueHost.

    • You also need a DDNS service setup. In this case and for my use, I simply use the Synology DDNS service they offer for free.
    • With those two setup, you will also want to add a CNAME DNS forward from your domain (or subdomain if you wish to go that route) to your DDNS service.
    • Finally you’ll want to make sure Port Forwarding has been configured on your router.

    Read More “Secure your Synology NAS, install a SSL certificate”

Leave a Reply to did the job Cancel reply

Your email address will not be published. Required fields are marked *

5 Comments

  1. so following “exactly” as shown gets all muddied up at Step: “vi edgerouter.pub” I am logged into my ERX via Putty successfully, BUT then it goes south….. Once I do that the putty app will not “esc zz” or save. The console will not take any commands. WTF. where is the mistyped info? referring to your instructions. I am literally reproducing steps exactly. not working, noWayJose

    Reply

    1. If I had a dollar for every time I heard someone couldn’t exit out of VI I would be a rich man. haha

      If you’re pressing the ESC key and then typing “zz” then you’re doing it wrong. As it’s mentioned in the above post it’s “ZZ” (take super special note of the CAPS). In VI zz and ZZ does NOT mean the same. ;-)

      -Michael

      Reply

  2. Hi Mike,
    I’ve added the authentication method to my laptop and disabled username/login, now I can easily connect. However, if I wanted to access my router from another computer, it would require me to copy that secret key over to the new computer?
    Lastly, if my laptop dies, how would I regain access to the router again? Would this require a physical connection into eth0 to regain control?
    Thanks!

    Reply

    1. Bruce,

      Yes you need to store your private key in a secure location and I would highly suggest backing it up. I like to keep all my SSH keys in an encrypted container that gets backed up on my NAS and to Backblaze.

      -Michael

      Reply