SSH is an application that allows you to remotely login and access another computer’s terminal. Like telnet, but with encryption. Usually the SSH application on the remote side will demand a login and password before letting you in.
There’s a quicker, more secure way of logging in if you take the time to set it up. By creating SSH keys (shared by both sides of the connection), SSH will login without requiring your password. Here’s how to set that up (in macOS Big Sur).
1. Generate the SSH keys
The SSH keys are a public/private pair (aka asymmetric cryptography). The private key should never be shared, and this one will live on the computer you are connecting from. The public key should be moved or copied to the computer you are connecting to.
In Terminal, enter the following command:
ssh-keygen -t rsa
When prompted, accept the default for file location and type in a password (optional – I never do – but recommended). ssh-keygen will generate two files for you:
- Your private key will be at .ssh/id_ra
- Your public key will be at .ssh/id_rsa.pub
2. Copy your public key to the Edgerouter.
I’m going to temporarily dump mine in the /var/tmp directory. Substitute your own user and host for “ubnt” and “ubnt.local” below:
scp ~/.ssh/id_rsa.pub ubnt@ubnt.local:/var/tmp/
Close the Terminal – none of the remaining commands below are entered into the Mac!
3. Import the file into the Edgerouter configuration
SSH into the Edgerouter, and substitute your own user and filename for “ubnt” and “id_rsa.pub” below:
configure
load key ubnt /var/tmp/id_rsa.pub
set service ssh disable-password-authentication
commit
save
4. You’re Finished!
The public key will be used to encrypt messages that can only be decrypted with the private key. When you SSH to the target machine, it will create a secret message and when the requesting machine proves that it can read the message – voila! – you are allowed to login sans password.
5. Technology – No Place for the Weak
Now of course trouble started when I tried to upload an updated public key. Each time I ran the “load key” command, the Ubiquiti responded with
Cannot open configuration file /config/key: No such file or directory
I tried deleting the key – didn’t work:
delete system login user ubnt autentication public-keys
commit
save
I tried re-enabling password authentication – didn’t help:
delete service ssh disable-password-authentication
commit
save
Even trying to load the key via the GUI didn’t work. Whatever this /config/key file is, it is important! Where the hell did it go??
I finally found more robust commands that allowed me to import a new key:
set system login user ubnt authentication public-keys ubnt key AAAAB3NzaC1yc2EAAAADAQABAAABgQDIjd4bDv35Yk0M8zePhKkuDIfcpBjD0PGb93L+gV2SIpWNHmCRffRQjZ5NJYLs95eMuCLY/761shjf+mmxnO7PZvFSWnsxgqO4sTZgbM/NUEquQy88peHreg3xli3IdBhImNCdFpNmgACqEiRPVuJ0Q6zeiym0zqKw8I7QGD0w2qjstzn6YCyDuzw04rHLW8eHffZAXmOp5AzSwc1VmegxWkh8Yp/Nptt6hZ9of68kCfJCX3Eiad/GFKVrvXULypkllSlNbBAfLJ+k/3NuJNxDruODyBSDMSlbGKB0H5uEhrAxLkzDSRvrNSgOboyi+D86708kvMlKKnRwQj8xg4aHsYz4a5TSWSne4dK3ttkbBFXv4PNdGCgVutm0PjACiq2Ck51c24o7rdzGbgXiDn/mF8k292KJD4ia4cNK3zZOxSy+o0iBvsmncBLHsHqQopDTMgxJYkOAckYe2kHKy3YLGONF82utTp5f70AHNSMq2ttw6hGzDrr1tsUaM/VOPZ8=
set system login user ubnt authentication public-keys ubnt type ssh-rsa
YMMV.
Leave a Reply