info_i_25x25.png See important information about Ubiquiti Devices and KRACK Vulnerability in this article. We will update this document as more information becomes available.

UniFi - Add Custom SSH Keys to Your UniFi Devices

Overview


This article provides the steps on how to add one or more custom SSH keys to your UniFi access point (UAP) and UniFi switch (USW) hardware. It does not apply to UniFi Security Gateway hardware. The following is performed by adding custom lines to a config.properties file. This method is persistent across reboots, firmware upgrades, and is also provisioned to devices added to the site at a late time.

The file config.properties is used for advanced configurations. For more information on creating the config.properties file, please see our help center article which is found HERE.

Implementation


To add a custom key you would simply add the following:

config.system_cfg.1=sshd.auth.key.1.status=enabled
config.system_cfg.2=sshd.auth.key.1.value=SSH_KEY
config.system_cfg.3=sshd.auth.key.1.type=ssh-rsa

You would replace SSH_KEY with desired key in base64 format. It is possible to add more than one key. To add a second key you would add the following:

config.system_cfg.4=sshd.auth.key.2.status=enabled
config.system_cfg.5=sshd.auth.key.2.value=SSH_KEY
config.system_cfg.6=sshd.auth.key.2.type=ssh-rsa

The system_cfg number will increment with every config line, and the key number increments with every key (right after the 4,5,6 system_cfg lines). Please do take note if you have existing system_cfg lines.

Once you have the customizations written in the config.properties file you have to trigger a provision. It may be easiest to toggle a service like SNMP or syslog. 

For reference, we will be adding this to the UI in the future. It is a bit of a lower priority though so these steps can be used until this is added to the UI. 

Related Articles