Password-less SSH authentication on UniFi Dream Machine / UniFi Dream Machine Pro

## Step 1. Make cron persist on restarts

```bash
unifi-os shell
curl -L https://github.com/unifi-utilities/unifios-utilities/raw/main/on-boot-script/packages/udm-boot_1.0.5_all.deb -o udm-boot.deb
dpkg -i udm-boot.deb
rm udm-boot.deb
exit
```

## Step 2. Add root ssh keys on restart
```bash
cd /mnt/data/on_boot.d
vi 15-add-root-ssh-key.sh
```

### File contents

```bash
#!/bin/sh

#####################################################
# ADD RSA KEYS AS BELOW - CHANGE BEFORE RUNNING     #
#####################################################
# set -- "ssh-rsa first key here all keys quoted" \ #
#        "ssh-rsa each line ends with backslash " \ #
#        "ssh-rsa last one has no backslash"        #
#####################################################
set -- "ssh-rsa ..." \
        "ssh-rsa ...."

KEYS_FILE="/root/.ssh/authorized_keys"

# Make sure the directory and file exist with owner-only permissions
mkdir -p "$(dirname "$KEYS_FILE")"
chmod 700 "$(dirname "$KEYS_FILE")"
touch "$KEYS_FILE"
chmod 600 "$KEYS_FILE"

counter=0
for key in "$@"
do
	# Places public key in ~/.ssh/authorized_keys if not present
	if ! grep -Fxq "$key" "$KEYS_FILE"; then
		# POSIX arithmetic: "let" is not available in every /bin/sh
		counter=$((counter + 1))
		echo "$key" >> "$KEYS_FILE"
	fi
done

echo "$counter keys added to $KEYS_FILE"
```

### Make file executable and run it

```bash
chmod +x 15-add-root-ssh-key.sh 
./15-add-root-ssh-key.sh 
```

## Step 3. Update banner

```bash
cat /dev/null > /issue
cat /dev/null > /etc/issue
cat /dev/null > /etc/motd

vi /etc/motd

# Insert your own banner 
```

## Step 4. Update ssh configuration

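The UDM uses dropbear as its SSH server. Dropbear has no `sshd_config`-style file: its options are command-line flags passed when the service starts, so they are set in the defaults file that the init script reads.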


### Edit the `dropbear` configuration file

```bash
vi /etc/default/dropbear

# See https://wiki.gentoo.org/wiki/Dropbear
# -s disables password logins, -g disables password logins for root
DROPBEAR_OPTS="-sg"
```

### Restart the dropbear service

```bash
/etc/init.d/dropbear restart
```
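
A pre-flight check for Steps 2 and 4, added here as an example and not part of the original post: it confirms that at least one real key (not the `ssh-rsa ...` placeholder) is in `authorized_keys` and that the file and its directory are not group/world-writable (dropbear ignores the key file in that case) before password logins are switched off. The function names and the list of accepted key types are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Paths default to the ones used
# in the steps above; pass other paths as arguments to try it on copies.

# Print how many lines look like real public keys. Unedited "ssh-rsa ..."
# placeholders do not count: every real key blob starts with base64 "AAAA".
count_valid_keys() {
	[ -r "$1" ] || { echo 0; return 0; }
	grep -Ec '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) AAAA[A-Za-z0-9+/]+={0,2}( |$)' "$1" || true
}

# Succeed if the path exists and is not writable by group or others.
perms_ok() {
	[ -e "$1" ] && [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \))" ]
}

# Succeed if DROPBEAR_OPTS in the defaults file contains -s.
# Simplification: assumes no option argument is glued to its flag (e.g. -p22).
password_login_disabled() {
	[ -r "$1" ] || return 1
	opts=$( . "$1" >/dev/null 2>&1; printf '%s' "${DROPBEAR_OPTS-}" )
	for word in $opts; do
		case $word in
			--*) ;;
			-*s*) return 0 ;;
		esac
	done
	return 1
}

# Return 0 only when restarting dropbear cannot lock root out.
preflight() {
	keys_file=${1:-/root/.ssh/authorized_keys}
	defaults=${2:-/etc/default/dropbear}
	if ! password_login_disabled "$defaults"; then
		echo "password logins still enabled in $defaults"; return 0
	fi
	if [ "$(count_valid_keys "$keys_file")" -eq 0 ]; then
		echo "no usable key in $keys_file: do not restart dropbear"; return 1
	fi
	if ! perms_ok "$keys_file" || ! perms_ok "$(dirname "$keys_file")"; then
		echo "$keys_file or its directory is group/world-writable"; return 1
	fi
	echo "ok: key login available, password login disabled"
}
```

On the device, source the file and run `preflight && /etc/init.d/dropbear restart`, keeping the current SSH session open until a key login from a second terminal succeeds.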

Zeno Popovici
31 Oct 2022