Remote Keybased Login with SSH to AirOS

I found the holy grail for any network admin, password-less login. This gives you the power to run remote scripts, forget passwords, and control the world… well maybe. Anyways, lets get to it. This specific post is talking about how to remotely login to an AirOS system (Ubiquiti). I’ll assume you are using a Linux system, or if not, you will need to know how to generate your own rsa key.

First, open an ssh session to the radio in question and do the following:

#vi /tmp/system.cfg

Next add users.1.homedir=/etc/persistent and type the following:


#cfgmtd -w -p /etc/
#reboot

Next do ssh-keygen to generate a new RSA key. You will be asked for a directory and a passphrase. Make sure you leave passphrase blank, or you will have to enter that key each time.

Now you will need to make a directory and copy the public key to the AirOS system:

#ssh username@x.x.x.x 'mkdir /etc/persistent/.ssh/'
#cat ~/.ssh/id_rsa.pub | ssh username@x.x.x.x 'cat >> /etc/persistent/.ssh/authorized_keys'

If you changed the directory during the ssh-keygen process, make the change in the command above.

Now make your changes persistent with this command:
#cfgmtd -w -p /etc/

You should be able to login without a password!

Cheers,

Mike

2010
10/18
CATEGORY
Ubiquiti
9 comments

  1. Hi
    I am a small WISP.
    It seems that all of above is done on my NanoStation5, but i doesn’t work.
    AirOS ver.: XS5.ar2313.v3.6.1.4866.110330.1248
    It is the newest firmware so maybe your trick with rsa needs to be updated.

    Regards

  2. Hi
    I am a small WISP in Poland.
    It seems that all of above is done on my NanoStation5, but i doesn’t work.
    AirOS ver.: XS5.ar2313.v3.6.1.4866.110330.1248
    It is the newest firmware so maybe your trick with rsa needs to be updated.

    Regards

  3. I’ll check if it works, it looks like you are not running the “M” series of radios and I have only made this work on the M series. I’ll test it and let you know.

  4. @mike

    Right, it is NanoStation5 – it hangs on radio and Ubiqiti watchdog doesn’t work, so I want to make my own watchdog :) on Linux :)

  5. @mike
    Any problems ?
    I can provide you an access to one of my NanoStation5 if needed. Let me know by email.

  6. I haven’t been able to get my hands on an NS5 to test this for you. You can reach me on google chat with mspicer182 [at] gmail.com. We can look into his further.

  7. OK, I’ve logged on to jabber and have sanded you a massage from serwer72 on the same server as yours.

  8. Sorry, I didn’t approve you, I didn’t see this message.

    • marko
    • February 12th, 2012

    is this way for Linux OS ,,,any ability to fined a way on windows?…….Thanks

  1. No trackbacks yet.

Recent entry

Archive

Category