For future posts, we will need to have SSH enabled on the Unifi devices, including the Dream Machine Pro, so let’s get this out of the way.
Allow SSH access onto UDM-pro
Go to your UDM-Pro page (eg. 192.168.1.1). As usual, you will have to use your Unifi account credentials to login on the UDM-Pro. Once you succeed, you will be redirected to the main page, which will list all Applications installed on your device.
Click on Settings >> Advanced and enable the SSH toggle, set a password and, optionally, rename the device if you want to access it later using the hostname instead of IP. Click on Confirm changes. This will enable SSH to the UDM-Pro itself, not to the other Unifi devices connected to it.
Manually allowing SSH Keys on your UDM-Pro
By default, UDM Pro allows password only as authentication method. However, now that you have access to your UDM-Pro through ssh, you can add your public key into root‘s authorized_keys file and login without password, which is ideal for automation.
From a machine which has SSH and your SSH key install, simply run ssh-copy-id root@<udm_pro_ip> and type your UDM Pro password. Your public key will be appended to /root/.ssh/authorized_keys and the next time you run ssh root@<udm_pro_ip> you won’t be asked to type your password.
Installing private/public keys for your SSH user
After going through the steps from the previous section, you will be able to SSH into your UDM Pro without password. However, we will also need to SSH from your UDM Pro into other devices for automation.
To accomplish this, you have to either generate a new SSH key or copy your existing into your UDM Pro. If you generated your keys after login in to your UDM Pro, you are done. In order to copy your keys to your UDM Pro, use scp ~/.ssh/id_rsa* root@<udm_pro_ip>:~/.ssh. From now on, not only you can connect into your UDM Pro without password, but also connecting from your UDM Pro to other devices without typing passwords too.
Sometimes scp does not preserve file permissions and SSH’ing from UDM Pro might ask you for password. To fix this, run chmod 644 ~/.ssh/id_rsa.pub and chmod 700 ~/.ssh/id_rsa.
Allow SSH access onto other Unifi devices
The next step is enable SSH to all Unifi devices controlled by the UDM-Pro. Go back to the main page by clicking on the Unifi logo on the top left corner. Click on Networks application icon >> Settings >> Network settings >> Device authentication. Enabled the SSH toggle, set a username and password, or even a SSH Key. Click Apply changes and you should be good to know.
At this point, you should be able to SSH into your UDM-Pro through root@<udmpro_ip> on port 22. For the other devices, such as the Unifi APs, the URL should be username@<device_ip> also on port 22. Note that you can’t specify port for neither devices, you can’t specify a different username for the UDM-Pro and also can’t specify SSH keys for the non UDM-Pro devices. Lots of restrictions, but that is what it is. Have fun!
If your ultimate goal is to remotely access your UDM Pro for some sort of automation, you should test connect at least once from the remote host to add your UDM Pro to the permanent list of known hosts.