Password-less SSH authentication on UniFi Dream Machine / UniFi Dream Machine Pro
Step 1. Make cron persist on restarts
unifi-os shell
curl -L https://github.com/unifi-utilities/unifios-utilities/raw/main/on-boot-script/packages/udm-boot_1.0.5_all.deb -o udm-boot.deb
dpkg -i udm-boot.deb
rm udm-boot.deb
exit
Step 2. Add root ssh keys on restart
cd /mnt/data/on_boot.d
vi 15-add-root-ssh-key.sh
File contents
#!/bin/sh
#####################################################
# ADD RSA KEYS AS BELOW - CHANGE BEFORE RUNNING     #
#####################################################
# set -- "ssh-rsa first key here all keys quoted" \ #
#        "ssh-rsa each line appended with slash " \ #
#        "ssh-rsa last one has no backslash"        #
#####################################################
set -- "ssh-rsa ..." \
       "ssh-rsa ...."

KEYS_FILE="/root/.ssh/authorized_keys"

# Make sure the directory and file exist with owner-only permissions,
# otherwise grep fails on a fresh system
mkdir -p "$(dirname "$KEYS_FILE")"
chmod 700 "$(dirname "$KEYS_FILE")"
touch "$KEYS_FILE"
chmod 600 "$KEYS_FILE"

counter=0
for key in "$@"
do
    # Places public key in ~/.ssh/authorized_keys if not present
    if ! grep -Fxq "$key" "$KEYS_FILE"; then
        # POSIX arithmetic; "let" is not available in every /bin/sh
        counter=$((counter + 1))
        echo "$key" >> "$KEYS_FILE"
    fi
done

echo "$counter keys added to $KEYS_FILE"
Make file executable and run it
chmod +x 15-add-root-ssh-key.sh
./15-add-root-ssh-key.sh
Step 3. Update banner
cat /dev/null > /issue
cat /dev/null > /etc/issue
cat /dev/null > /etc/motd
vi /etc/motd
# Insert your own banner
Step 4. Update ssh configuration
UDM uses Dropbear as its SSH server, so its configuration is applied when the init script starts the service.
Edit the dropbear configuration file
vi /etc/default/dropbear
# See https://wiki.gentoo.org/wiki/Dropbear
# -s disables password logins, -g disables password logins for root
DROPBEAR_OPTS="-sg"
Restart the dropbear service
/etc/init.d/dropbear restart
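
Restarting dropbear with -s while authorized_keys still holds only the "ssh-rsa ..." placeholders from Step 2 leaves root with no way to log in over SSH. The following pre-flight check is an added example, not part of the original guide; the function names are hypothetical and the default paths are the ones used above.

```shell
#!/bin/sh
# Added example (not from the original page): pre-flight check to run before
# "/etc/init.d/dropbear restart". Function names are hypothetical.

# Print how many lines of an authorized_keys file look like real public keys.
# Placeholders such as "ssh-rsa ..." and lines with an options prefix are not counted.
count_keys() {
    [ -f "$1" ] || { echo 0; return 0; }
    grep -Ec '^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/]+=*( .*)?$' "$1" || true
}

# Succeed if DROPBEAR_OPTS in the defaults file carries the given one-letter
# flag, alone ("-s") or combined ("-sg").
has_flag() {
    opts=$(sed -n 's/^DROPBEAR_OPTS="\{0,1\}\([^"]*\)"\{0,1\}$/\1/p' "$1" | tail -n 1)
    for word in $opts; do
        case "$word" in
            -*"$2"*) return 0 ;;
        esac
    done
    return 1
}

# 0 = safe to restart, 1 = restart would lock root out, 2 = passwords still on.
preflight() {
    keys_file=${1:-/root/.ssh/authorized_keys}
    conf_file=${2:-/etc/default/dropbear}
    n=$(count_keys "$keys_file")
    if [ "$n" -eq 0 ]; then
        echo "REFUSE: no usable public key in $keys_file" >&2
        return 1
    fi
    if ! has_flag "$conf_file" s; then
        echo "WARN: password logins are still enabled in $conf_file" >&2
        return 2
    fi
    echo "OK: $n key(s) installed, password logins disabled"
}

# On the UDM: preflight && /etc/init.d/dropbear restart
```

Keep the current SSH session open and confirm a key-based login from a second terminal before closing it.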