How to SSH into UniFi APs
Published onby Iron (edited on )
If you've been using UniFi for a while, you're probably familiar with the user-friendly web interface. It's where most of the magic happens, from setting up your Wi-Fi network to monitoring connected devices.
But there's a whole other layer of control hidden beneath the surface? Enter SSH: a tool that allows you to access your UniFi APs through the command line.
Here is how it works!
🚨 Before we get to the SSH part, just a quick note: If you manage client networks on a self-hosted UniFi controller. Please stop. Sooner or later this will cause issues! It's fine for home users, but definitely not recommended for businesses. We've built a secure and reliable UniFi hosting solution that takes the hassle out of managing controllers. You can try it for free.
Table of Contents
- Why Use SSH?
- Getting Set Up: Preparing for SSH Access
- Connecting via SSH
- What you can do with SSH
- Troubleshooting with SSH
- Advanced SSH Tips and Tricks
- Final Thoughts
Why Use SSH?
SSH is like the Swiss Army knife of network management. It gives you a direct, secure line to your device, allowing you to perform tasks that might not be possible through the web interface. Here’s why you might want to use SSH:
-
Advanced Troubleshooting: Access logs and system details in real-time to diagnose issues. Logs can reveal problems that the web interface might not show, like network conflicts or software bugs.
-
Deep Configuration: Modify settings that aren't available through the standard web UI, such as custom firewall rules or specific network tweaks that require command-line access.
-
Direct Management: Restart services, update firmware, or reboot devices with simple commands. This is particularly useful in large deployments where manual resets would be time-consuming.
Getting Set Up: Preparing for SSH Access
Before you can start SSHing into your UniFi AP, there are a few things you need to prepare:
Enable SSH on your UniFi Controller
First things first, SSH needs to be enabled on your APs. You’ll do this through your UniFi Controller:
-
Log into your UniFi Controller.
-
Navigate to Settings > Site.
-
Under Device Authentication, set your SSH Username and SSH Password.
These credentials are what you’ll use to gain SSH access, so keep them secure. Enabling SSH is usually done by default, but it’s good to double-check.
Find the IP address of your AP
You’ll also need to know the IP address of the AP you want to connect to. Here’s how to find it:
-
Go to Devices in your UniFi Controller.
- Find your AP in the list and click on it.
- Look for the IP address in the device details section.
This IP address is your target—write it down or keep it handy for the next steps.
Connecting via SSH
With SSH enabled and your AP’s IP address in hand, you’re ready to log in:
-
Open your terminal (or use an SSH client like PuTTY if you’re on Windows).
-
Type the following command:
ssh <username>@<AP-IP-Address>Replace "
" with your SSH username and " " with your AP’s IP address. -
Enter your SSH password when prompted.
If all goes well, you should now have access to your AP’s command line. Welcome to the world behind the scenes!
What you can do with SSH
SSH opens up a whole new world of possibilities for managing your UniFi APs. Here are some commands and actions you might find useful:
Check AP Status
Want to get a quick overview of what’s going on with your AP? Use the "info" command:
info
This command will return details like uptime, load averages, firmware version, and network configuration. It’s a great way to check if everything is running smoothly.
Reboot the AP
If your AP is acting up and needs a quick restart, just type:
reboot
This will reboot the AP, and you can monitor its progress right from the command line. This command is particularly useful if the AP is not responding as expected from the web interface.
Update Firmware
Sometimes, you might need to manually update your AP’s firmware. You can do this directly through SSH:
- First, download the firmware from the Ubiquiti website.
- Then, upload it to a web server or directly to your local machine.
-
Use the following command to start the update:
upgrade https://<firmware-url>
Replace "
Reset to factory settings
If you need to start over with a clean slate, you can reset your AP to factory settings:
syswrapper.sh restore-default
This command wipes all configurations and resets the AP to its factory state. Use this with caution, especially if you don’t have a backup of your current settings.
Use the Set-Inform Command
The "set-inform" command is particularly useful if you’re moving APs between controllers or re-adopting a device. This command tells the AP where to find its controller:
set-inform http://<controller-IP>:8080/inform
Replace "
Troubleshooting with SSH
One of the biggest advantages of SSH is the ability to troubleshoot issues directly on your AP. Here are some commands that can help you diagnose and fix problems:
Viewing Logs
Logs are essential for troubleshooting. You can view the system log on your AP with this command:
cat /var/log/messages
Scroll through the log to find any errors or unusual activity that might explain the issue you’re facing. Logs can be extensive, so using "grep" to filter by keywords can be helpful.
Checking Network Status
If your AP isn’t connecting to the network, you can check the status of its network interfaces:
ifconfig
This will show you the status of all network interfaces on the AP. Look for your Ethernet interface (usually "eth0") to ensure it’s properly configured and connected. You might also want to check for IP address conflicts or misconfigurations.
Pinging Other Devices
To test connectivity to other devices on your network, use the "ping" command:
ping <IP-Address>
Replace "
Advanced SSH Tips and Tricks
Once you’re comfortable with the basics, you can start exploring some advanced SSH features to make your life even easier:
Automating tasks with scripts
If you find yourself running the same commands over and over, consider writing a simple bash script to automate the process. For example, you can create a script to update firmware across multiple APs or to back up configurations. Automating these tasks can save you time, especially in larger deployments.
Using SSH keys for passwordless Login
Tired of typing in your password every time you log in? You can set up SSH keys for passwordless authentication. Here’s how:
-
Generate a key pair on your local machine:
ssh-keygen -t rsa -b 2048 -
Copy the public key to your AP:
ssh-copy-id <username>@<AP-IP-Address> - Now, you can log in without a password! This is a huge time-saver and also improves security by eliminating password-based attacks.
3. Secure your SSH Access
Security is always a priority. To keep your SSH access secure, consider changing the default SSH port from 22 to something less common. You can do this by editing the SSH configuration file:
vi /etc/ssh/sshd_config
Look for the line that says "Port 22" and change "22" to a port number of your choice. Don’t forget to restart the SSH service after making changes.
Final Thoughts
SSH might seem intimidating at first, but once you get the hang of it, it’s an incredibly powerful tool for managing your UniFi APs. Whether you’re troubleshooting a network issue, updating firmware, or just poking around to see what’s under the hood, SSH gives you the control you need.
So, why not give it a try? Open up your terminal and start exploring what your UniFi APs can really do. And remember, if you’re managing multiple UniFi devices and UniFi Controller, using a managed service like UniHosted can save you a ton of time and hassle.
If you would like me to personally walk you through UniHosted, you can schedule a call with me here.
We host UniFi Controllers in the Cloud
Are you ready to take your UniFi Network to the next level? Deploy a UniFi Cloud Controller in minutes and manage your network from anywhere.
Free tier available
Get the best support
Join 1660+ customers
No credit card required