Using an SSH key to connect to the UniFi Network

Table Of Contents
  1. Generation of SSH keys
  2. Adding a public key
  3. How to add a key to the SSH agent
  4. Checking the connection
  5. Conclusions

Ubiquiti’s UniFi Network Controller provides a user-friendly interface for network management, but for deeper diagnostics and configuration, command line access via SSH is sometimes required. For security and convenience, you should use an SSH key instead of a password. This article explains how to create an SSH key, add it to the UniFi Controller, and use it to log in to the device.

Generation of SSH keys

I have an Ubuntu operating system installed, so I’ll be using that for all setups. In the terminal, you need to execute the command to generate private and public SSH keys.

ssh-keygen -t ed25519 -C "unifi-access"

You will be asked to specify the path to save the key and its name. Specify where it will be stored, usually it is the user’s home directory, and give the name unifi_key or press Enter for the default path (~/.ssh/id_rsa).

Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/UserName/.ssh/id_ed25519): unifi_key

After that, you will be asked to create a password for the private key. This password will always be requested when accessing this key, however I will add the data to the ssh agent to avoid having to enter this password all the time and keep the system secure.

Enter passphrase (empty for no passphrase): 
Enter same passphrase again:

As a result, two files will be generated:

  • Private key: ~/.ssh/unifi_key
  • Public key: ~/.ssh/unifi_key.pub

Keep your private key in a safe place and do not share it with anyone!

Adding a public key

In the new Unifi Network interface, the remote control settings section has been moved to the devices section:

Unifi Devices -> Device Updates and Settings -> Device Settings -> SSH Keys

To do this, you will need to enter the name of the public key and its content.

To view the contents of the newly created public key, open it:

cat ~/.ssh/unifi_key.pub
ssh-ed25519 AAA.....cpoM unifi-access

We copy this line into the corresponding block and add it to the controller. We click on the Apply Changes button and we have the key, it remains to add it to the agent and check the connection.

How to add a key to the SSH agent

To avoid specifying the path to the public key each time, you can add the key to the SSH agent. If a password was previously created for the private key, it must be entered.

ssh-add ~/.ssh/unifi_key
Enter passphrase for /home/home/.ssh/unifi_key: 
Identity added: /home/home/.ssh/unifi_key (unifi-access)

Checking the connection

Now from this PC, you can connect to any device that is added to the UniFi controller without specifying a password, but the login must already be root.

ssh [email protected]
Linux UXGLite 5.4.213-ui-qcom #5.4.213 SMP PREEMPT Wed Apr 30 13:12:54 CST 2025 aarch64

Firmware version: v4.1.13

Conclusions

Using SSH keys to access UniFi devices is a more secure and convenient approach compared to passwords. Keys are harder to intercept and, if used correctly, can be easily updated and revoked. UniFi Controller allows you to centrally distribute keys to all devices, which simplifies the administration of a large network.

19
, ,