How to SSH into a Unifi AP (Access Point)

Anthony Metcalf

Read more posts by this author.

A new (or second-hand) Ubiquiti Unifi Access Point (AP) can be an intimidating beast. Setting up Unifi APs is different from most other networking equipment you may come across. But don’t worry, learn how to SSH into a Unifi AP (access point) in this tutorial.

Ready? Read on to get started!

Prerequisites

This tutorial comprises hands-on demonstrations. To follow along, ensure you have the following in place.

  • A Unifi access point. This tutorial uses a UAP-AC-Lite model, version 5.43.52.
  • An SSH client. This tutorial uses the Windows SSH client from a PowerShell prompt on Windows 11 Build 22518, but any SSH client will work.

Identifying a Previously Adopted Access Point

Before you can SSH into a Unifi AP, you must first determine if the AP was previously adopted or not. A controller centrally manages all Ubiquiti devices with an access point. An access point that a controller has claimed (associated with) is referred to as “adopted” while a new or factory rest AP is “unadopted”.

To view an AP’s status, open your favorite browser, and log in to your controller by connecting to the URL and filling in the username and password fields.

Next, click the AP icon on the left-hand side to display the device listing.

Accessing Ubiquiti Device Listing
Accessing Ubiquiti Device Listing

The image below shows two APs connected to a controller. The first AP (denoted by a white status dot) is claimed by another system, while the controller claims the second AP (denoted by a green status dot).

Note the IP addresses of both APs like the ones below, as you’ll need them to access both APs later.

If you cannot see the AP in the devices page of the controller (or you haven’t set up a controller yet), try your DHCP server. The AP can usually be found on your internet router and should list all of the devices on your network with their IP and MAC addresses.

You don’t need to know what a MAC address is, but know it’s on a label on the underside of the access point called “MAC ID.” Match the MAC address on your AP to an IP on your network, and you are good to go.

Viewing Unifi Controller Device List
Viewing Unifi Controller Device List

The status of the access point makes a difference as to which username and password that you use to connect to the AP. For an unadopted access point, or one which has been recently reset, the SSH credentials will be (depending on the firmware):

  • Username: root | Password: ubnt
  • Username: ubnt | Password: ubnt

But for the unadopted access point used in this tutorial, the credentials are ubnt for the username and ubnt as the password. Take note of the username and password, as you’ll need them to access the unadopted AP in the following section.

If the access point is adopted, the credentials will be root/your-SSO-account’s-password (account.ui.com).

Accessing an Unadopted Access Point

Once you know your access points’ state, you can now access them, but first, start with accessing the unadopted one.

If the access point has been previously adopted, the username and password may have been reset, so jump to the “Accessing an Adopted Access Point” section.

Open a terminal, and run the command below to SSH into the AP. When prompted, enter the unadopted AP’s password you noted in the “Determining if the AP has Previously Been Adopted” section.

ssh [email protected]

If the SSH session is successful, you’ll get a BusyBox built-in shell (ash) message like below.

If the credentials do not work, reset the access point by performing the reset procedure on your AP.

Showing Successful SSH connection
Showing Successful SSH connection

Resetting a Previously Adopted Access Point

Now that you can access an unadopted AP via SSH, you can also access a previously adopted AP. But first, you’ll reset the previously adopted AP. Doing so sets the AP in a ready-to-be “adopted” state by your controller.

Resetting an AP causes downtime. So ideally, only try this on an Access Point that is not yet in use unless you’re prepared to face some angry users.

Run the set-default command below to clear Unifi access points config and reboot the AP, which takes a few minutes to complete. This command puts the AP into the same state as using the physical reset switch on the device.

set-default
Resetting the AP configuration to factory default.
Resetting the AP configuration to factory default.

Resetting an Access Point’s Default Password

Not leaving your network settings on default is a sensible idea. A new username and password will automatically be set up with new details for your network when you adopt a device. So to be on the safe side, reset the default password now.

Run the passwd command at the shell prompt, and then enter a new password and confirm it.

passwd
Changing the default password.
Changing the default password.

Accessing an Adopted Access Point

Perhaps you have an adopted AP; how do you access it? SSH into the AP using the username and password you set up when configuring the controller.

Note that if you set up your controller to use your account.ui.com address and enable two-factor for device authentication, SSH access will not work.

If you do not know the AP username and password, you will need to factory reset the AP like in the “Resetting the Access point Default Password” section or use the controller to access the AP.

But you can also use the controller to reset the username and password globally. This action affects all adopted APs on your network.

To reset the credentials for all access points on your network:

1. Open the controller, and select the settings (gear) icon.

2. Navigate to System Settings —> Controller Configuration.

Controller Configuration sits in "System Settings
Controller Configuration sits in “System Settings

Now select Device SSH Authentication and change the Username and/or Password (or add SSH Keys for public-key authentication).

Avoid using “root” as the username as it’s a special user on the Linux-based operating system of the access point.

Configuring Device SSH Authentication Settings
Configuring Device SSH Authentication Settings

Finally, click the Apply Changes button to save the changes.

Conclusion

In this tutorial, you’ve learned that there’s nothing you can do from the console of Unifi AP that you can’t also do from the controller. But still, knowing how to SSH onto Unifi AP is a handy exercise. This access method lets you quickly check and automatically pull information, such as the current AP firmware.

You can also SSH to an AP to update the firmware, which could be automated via SSH if you have many devices, rather than clicking through the web GUI of the controller.

Now how do you plan to build upon this newfound knowledge? Perhaps use SSH to integrate the AP into a configuration management system, such as Salt or Ansible, to automate updates?

Subscribe to Stay in Touch

Never miss out on your favorite ATA posts and our latest announcements!

Looks like you're offline!