Using Public Key to SSH into EdgeRouter Lite

For a few years now, I’ve been a big fan of Ubiquiti Networks. I first upgraded to their EdgeRouter Lite ERLite-3 router back in 2015. Later I added their switch and WAPs. I wouldn’t exactly say this isn’t for your average home user, but, this isn’t for your average home user. I mean, I like that they have a pretty darn high quality Web UI admin interface, but overall, I think you have to be pretty comfortable with at least basic networking concepts to use it, and you have to be willing to be something of a do-it-yourselfer. If you just want plug-n-play, stick with your ISP’s router.

In my case, I was specifically looking for greater control over my network. With the “ease of use” on the ISP routers (and many of the over-the-counter alternatives), you lose some control. That’s OK for many. But anyhow, I digress. This is not a review of that router. Suffice it to say I find it to be a good power user option, and I actually enjoy tinkering with my network to eke out the last bit of performance while enjoying more control.

While you can do most things in the Web UI, including updating the entire config tree, many of the help posts on their forums offer you commands for the CLI. So it’s good to get comfy with that. And I much prefer going thru Terminal than the Web UI version. To do that, you use SSH, something like:

ssh myuser@192.168.1.1

The thing is, every time you do that, you have to type in your password. And if you’re like me, your password is not super easy to type. Besides, one of the niceties of ssh is the ability to leverage its RSA private/public key support. So the real point in this post is how to do that. If you haven’t already, generate yourself a key.

Copy and Use Your Public Key

I just used Terminal, like so.

  1. First, you probably put your key in your home as per usual, so go there: cd ~/.ssh (I just prefer not dealing with paths in commands any more than I have to. Just a weird personal preference.)
  2. Now you want to copy your key to the device: scp id_rsa.pub myuser@192.168.1.1:/tmp (you should have to type your password)
    Obviously, swap out the various bits:
    * id_rsa.pub — your public key file. BE SURE to copy the .pub. :) Also, if you used a space in the RSA key comment, you need to remove that. The EdgeRouter doesn’t play well with spaces there. It will use this bit as the “name” of the key in its config.
    * myuser — should be the username of the admin user that you log into your ERLite with.
    * 192.168.1.1 — the address of your router
  3. Now, ssh into that bad boy: ssh myuser@192.168.1.1. You’ll have to give your password this time. Don’t worry. It should be the last time. :)
  4. configure — this puts you into the configuration for the router.
  5. loadkey myuser /tmp/id_rsa.pub — again, swap in values for user and the name of your key file. This should work. If it says you have an unrecognized type, it probably means you have a space in the comment part of the file, so just swap in hyphens or something and try again.
  6. save — just to commit and save.
  7. If you want, you can type show system login myuser to see what it actually stored for you. Theoretically, you should also be able to put these values into the Web UI config tree editor. I tried that, but it didn’t work for me, for some reason. YMMV.

Now you should be able to exit and ssh again, and this time, it should use your key. If it doesn’t, ask a question on their forums. They are very helpful there.
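
The space-in-the-comment problem from steps 2 and 5 can be caught on your own machine before you copy anything to the router. The helper below is an added example, not part of the original post: the function name sanitize_pubkey and the sample key line are made up for illustration. It also refuses a file that looks like a private key.

```shell
#!/bin/sh
# Added example (not from the original post). SAMPLE_PUB is a constructed
# line; its base64 part is a placeholder, not a real key.
SAMPLE_PUB='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCexample My Laptop Key'

# sanitize_pubkey FILE
# Prints the single key in FILE as "type blob comment", with any whitespace
# inside the comment replaced by hyphens. Returns non-zero if FILE is
# unreadable, looks like a private key, or is not exactly one key line.
sanitize_pubkey() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
    # Private keys start with a PEM header; those must never leave this machine.
    if grep -q -e '-----BEGIN' "$file"; then
        echo "$file looks like a PRIVATE key; use the .pub file" >&2
        return 1
    fi
    awk '
        NF == 0 { next }                         # ignore blank lines
        { keys++ }
        # Expect one line made of a key type, a base64 blob, then the comment.
        keys > 1 || NF < 2 || $1 !~ /^(ssh|ecdsa|sk)-/ { bad = 1; exit }
        {
            out = $1 " " $2
            comment = ""
            for (i = 3; i <= NF; i++)
                comment = comment (i > 3 ? "-" : "") $i
            if (comment != "") out = out " " comment
        }
        # Print only after the whole file has been checked.
        END { if (bad || keys != 1) exit 1; print out }
    ' "$file"
}

# Typical use, followed by the scp from step 2 on the cleaned file:
#   sanitize_pubkey ~/.ssh/id_rsa.pub > id_rsa_clean.pub
```
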