Reply
Member
Posts: 263
Registered: ‎05-29-2014
Kudos: 147
Solutions: 23

Unifi AP: Maintaining SSH access whilst disabling password logins (authorized_keys only)

Hi,

 

I've have copied my authorized keys across to my Unifi APs and was wondering if there is anyway of disabling password logins on the unit. I don't mind if I have to do this locally on each unit providing it is persistent across reboots.

New Member
Posts: 38
Registered: ‎06-30-2016
Kudos: 26

Re: Unifi AP: Maintaining SSH access whilst disabling password logins (authorized_keys only)

What command(s) did you use to copy the ssh authorized_keys to the Unifi AP's?

Member
Posts: 263
Registered: ‎05-29-2014
Kudos: 147
Solutions: 23

Re: Unifi AP: Maintaining SSH access whilst disabling password logins (authorized_keys only)

I just logged in via SSH and created the ~/.ssh/authorized_keys file manually.
New Member
Posts: 38
Registered: ‎06-30-2016
Kudos: 26

Re: Unifi AP: Maintaining SSH access whilst disabling password logins (authorized_keys only)

[ Edited ]

Thanks. I used the one-liner below at the access point, though that doesn't survive an AP reboot:

 

$ cat ~/.ssh/id_rsa.pub | ssh admin@192.168.1.16 "mkdir ~/.ssh;cat - >> ~/.ssh/authorized_keys;chmod -R 600 ~/.ssh"

 

Any suggestion how to make this AP config stick?

New Member
Posts: 38
Registered: ‎06-30-2016
Kudos: 26

Re: Unifi AP: Maintaining SSH access whilst disabling password logins (authorized_keys only)

How to make to make the AP config stick?

 

# cfgmtd -w -p /etc

 

With thanks to bzavala at https://community.ubnt.com/t5/UniFi-Wireless/clients-complain-about-dropping-from-connecting-to-unif...

Member
Posts: 263
Registered: ‎05-29-2014
Kudos: 147
Solutions: 23

Re: Unifi AP: Maintaining SSH access whilst disabling password logins (authorized_keys only)

Yes, cfgmtd to make an f/s change permanent. Oddly although this was necessary on my original Unifi APs, I don't recall it being necessary when I updated them to AC Pros. I guess it was but don't remember having to do so.
Established Member
Posts: 1,103
Registered: ‎08-29-2016
Kudos: 490
Solutions: 50

Re: Unifi AP: Maintaining SSH access whilst disabling password logins (authorized_keys only)

[ Edited ]

Well I think guys that /etc/dropbear/authorized_keys is the file to use in the first place; otherwise it won't stick even after running

cfgmtd -w -p /etc

 So, you'd use something like

 

ssh admin@192.168.1.1 "tee -a /etc/dropbear/authorized_keys" < ~/.ssh/id_rsa.pub

to add your key.

Reply