In an earlier article, I talked about how I recently set up a Ubiquiti access point (model UAP-AC-PRO-US). There are a variety of commands you can run directly on the access point by logging in via SSH. In order to do this, you may need to modify the login credentials. This article will show you how to make these changes.
Note that the access point must be adopted and provisioned by the UniFi controller before you can manage the SSH authentication credentials.
The username, password, and SSH keys can all be managed from the same place. To modify the credentials, do the following:
- Log into the UniFi controller.
- Go to Settings (the gear icon in the bottom-left of the page).
- Go to the Site section (this is the default section you go to when going to the Settings page).
- Make the desired changes in the “DEVICE AUTHENTICATION” section at the bottom of the page.
- Click the “APPLY CHANGES” button.
After applying the changes, the adopted access points should automatically update with these new credentials. If you wait a minute or so and the new credentials do not work yet, you can force the changes onto an access point by doing the following:
- Log into the UniFi controller.
- Go to Devices (the nested circles icon towards the top-left of the page).
- Click on the access point that needs updating. This will pop open a panel on the right side of the page.
- Click the Config icon (it looks like a gear) at the top middle of the device’s panel.
- Click “MANAGE DEVICE” in the device’s panel. Note: You may need to scroll to see this section.
- Click the “Provision” button under the “Force provision” section.
After following these steps, the access point’s status will change to “PROVISIONING”. The changes should only take a few seconds to finish. Once the access point’s status changes back to “CONNECTED”, you should be able to SSH into the access point using the updated credentials.
Did I help you?
Hi Chris,
Very nice! It was simple and way better than vendor’s documentation. Only note to add here – I had to enable “try new settings (beta)” in order to eventually find device authentication. From there onwards, exactly as you described – controller set new username and random password though I could easily change that.
Now troubleshooting problem where every time I upgrade the AP, controller can not ‘adopt it’ back, therefore need to reboot controller and AP – what a pain. Have a support case opened with vendor. (same problem with RF scan as well)
Cheer s/Pedro
Hi Chris,
many thanks for your post.
I have a UDM-Pro with a UAP-nanoHD attached to it.
For the UDM-Pro, no prob. I can login to it via SSH. For the UAP-nanoHD I cannot. So I followed the instructions you provided and updated the site config to use SSH authentication. At first I thought it might be a good idea to name the user “root” but then (after it did not work) decided to go for “tobi”. Forcing the UAP to reprovision worked. Just, I still get a connection refused when trying to connected via SSH to the UAP.
Any ideas?
Best,
Tobi
Hey Chris,
finally I figured out why I could not connect. Reprovisioning the UAP was not enough. Even though the user was created on the UAP, the SSH daemon was not started. You can see that when logging in via the WebUI and running a netstat (port 22 was not open) I had to disconnect the UAP from power and have it start again. After that, the SSH daemon was up and running and I could finally connect via SSH.
Best,
Tobi