A new (or second-hand) Ubiquiti Unifi Access Point (AP) can be an intimidating beast. Setting up Unifi APs is different from most other networking equipment you may come across. But don’t worry, learn how to SSH into a Unifi AP (access point) in this tutorial.
Ready? Read on to get started!
Table of Contents
This tutorial comprises hands-on demonstrations. To follow along, ensure you have the following in place.
- A Unifi access point. This tutorial uses a UAP-AC-Lite model, version 5.43.52.
- An SSH client. This tutorial uses the Windows SSH client from a PowerShell prompt on Windows 11 Build 22518, but any SSH client will work.
- A Unifi controller (Ubiquiti) version 6.2.26 is used in this article.
Identifying a Previously Adopted Access Point
Before you can SSH into a Unifi AP, you must first determine if the AP was previously adopted or not. A controller centrally manages all Ubiquiti devices with an access point. An access point that a controller has claimed (associated with) is referred to as “adopted” while a new or factory rest AP is “unadopted”.
To view an AP’s status, open your favorite browser, and log in to your controller by connecting to the URL and filling in the username and password fields.
Next, click the AP icon on the left-hand side to display the device listing.
The image below shows two APs connected to a controller. The first AP (denoted by a white status dot) is claimed by another system, while the controller claims the second AP (denoted by a green status dot).
Note the IP addresses of both APs like the ones below, as you’ll need them to access both APs later.
If you cannot see the AP in the devices page of the controller (or you haven’t set up a controller yet), try your DHCP server. The AP can usually be found on your internet router and should list all of the devices on your network with their IP and MAC addresses.
You don’t need to know what a MAC address is, but know it’s on a label on the underside of the access point called “MAC ID.” Match the MAC address on your AP to an IP on your network, and you are good to go.
The status of the access point makes a difference as to which username and password that you use to connect to the AP. For an unadopted access point, or one which has been recently reset, the SSH credentials will be (depending on the firmware):
But for the unadopted access point used in this tutorial, the credentials are
ubnt for the username and
ubnt as the password. Take note of the username and password, as you’ll need them to access the unadopted AP in the following section.
If the access point is adopted, the credentials will be root/your-SSO-account’s-password (account.ui.com).
Accessing an Unadopted Access Point
Once you know your access points’ state, you can now access them, but first, start with accessing the unadopted one.
If the access point has been previously adopted, the username and password may have been reset, so jump to the “Accessing an Adopted Access Point” section.
Open a terminal, and run the command below to SSH into the AP. When prompted, enter the unadopted AP’s password you noted in the “Determining if the AP has Previously Been Adopted” section.
If the SSH session is successful, you’ll get a BusyBox built-in shell (ash) message like below.
If the credentials do not work, reset the access point by performing the reset procedure on your AP.
Resetting a Previously Adopted Access Point
Now that you can access an unadopted AP via SSH, you can also access a previously adopted AP. But first, you’ll reset the previously adopted AP. Doing so sets the AP in a ready-to-be “adopted” state by your controller.
Resetting an AP causes downtime. So ideally, only try this on an Access Point that is not yet in use unless you’re prepared to face some angry users.
set-default command below to clear Unifi access points config and reboot the AP, which takes a few minutes to complete. This command puts the AP into the same state as using the physical reset switch on the device.
Resetting an Access Point’s Default Password
Not leaving your network settings on default is a sensible idea. A new username and password will automatically be set up with new details for your network when you adopt a device. So to be on the safe side, reset the default password now.
passwd command at the shell prompt, and then enter a new password and confirm it.
Accessing an Adopted Access Point
Perhaps you have an adopted AP; how do you access it? SSH into the AP using the username and password you set up when configuring the controller.
Note that if you set up your controller to use your account.ui.com address and enable two-factor for device authentication, SSH access will not work.
If you do not know the AP username and password, you will need to factory reset the AP like in the “Resetting the Access point Default Password” section or use the controller to access the AP.
But you can also use the controller to reset the username and password globally. This action affects all adopted APs on your network.
To reset the credentials for all access points on your network:
1. Open the controller, and select the settings (gear) icon.
2. Navigate to System Settings —> Controller Configuration.
Now select Device SSH Authentication and change the Username and/or Password (or add SSH Keys for public-key authentication).
Avoid using “root” as the username as it’s a special user on the Linux-based operating system of the access point.
Finally, click the Apply Changes button to save the changes.
In this tutorial, you’ve learned that there’s nothing you can do from the console of Unifi AP that you can’t also do from the controller. But still, knowing how to SSH onto Unifi AP is a handy exercise. This access method lets you quickly check and automatically pull information, such as the current AP firmware.
You can also SSH to an AP to update the firmware, which could be automated via SSH if you have many devices, rather than clicking through the web GUI of the controller.
More from Adam The Automator & Friends
Get this interactive comic book to learn how Veeam and AWS can help you fight ransomware, data sprawl, rising cloud costs, unforeseen data loss and make you a hero!
ATA is known for its high-quality written tutorials in the form of blog posts. Support ATA with ATA Guidebook PDF eBooks available offline and with no ads!
Check out all of the ATA recommended resources!