×

UniFi - UDM: How to Login to the Dream Machine using SSH

Overview

Readers will learn how to log into the UniFi Dream Machine (UDM or UDM-Pro) using Secure Shell (SSH). 

NOTES & REQUIREMENTS:
  • Applicable to the UniFi Dream Machine models (UDM/UDM-Pro).
  • Only follow these steps if there is a good reason to do so and you are unable to manage the Dream Machine using the Web UI.

Table of Contents

  1. Frequently Asked Questions (FAQ)
  2. Logging in using SSH
  3. Related Articles

Frequently Asked Questions (FAQ)

What is SSH and what kind of program do I need to log in to the UDM/UDM-Pro?

SSH stands for Secure Shell and is a way to access the Command Line Interface (CLI) on the UDM/UDM-Pro. From the command line shell you can run specific commands to display log messages that contain information on the device. It is also possible to restart the device, reset it to factory defaults, or upgrade the firmware via SSH. This is mainly useful for troubleshooting purposes.

Similar to opening a browser session to access the Web UI on the Dream Machine, SSH can be used to open a command line session. The Web UI session uses a server-client connection, where the webpage is running on the Dream Machine (server) and the browser is running on the workstation (client). Similarly, SSH uses an SSH server (UDM/UDM-Pro) and an SSH client (workstation.

There are many different programs that provide the SSH client functionality. On macOS and Linux computers, the Terminal can be used to open an SSH session using the ssh command. The format is:

ssh <username>@<ip-address>


To connect to the UDM/UDM-Pro that is using the default 192.168.1.1 IP address and root username, run:

ssh root@192.168.1.1


Windows users can either install the Windows 10 OpenSSH client or use a third-party program such as PuTTY to connect using SSH. The OpenSSH client uses the same format as the macOS/Linux command above. An example of a PuTTY session that connects to the default 192.168.1.1 IP address is:

putty.png

What are the SSH login credentials (username + password) for the UDM/UDM-Pro? 

The username used to log into the UDM/UDM-Pro is root, but the password will differ depending on the firmware version. Refer to the table below:

Device Firmware Release Username Password
UDM v1.7.0 and newer root Specified when enabling the SSH service
UDM-Pro v1.6.4 and newer root Specified when enabling the SSH service
UDM Pre v1.7.0 root Password of Ubiquiti SSO account used to login to UDM
UDM-Pro Pre v1.6.4 root Password of Ubiquiti SSO account used to login to UDM-Pro

On the newer UniFiOS firmware releases (v1.7.0+ for UDM and v1.6.4 for UDM-Pro), the SSH service is disabled by default and needs to be manually enabled from the Settings > Advanced section. After enabling the service, you can specify the password for the SSH (root) user account. See the section below.

On older firmware releases (pre v1.7.0 for UDM and v1.6.4 for UDM-Pro), the password is automatically set to the password of your Ubiquiti (UI) account and the username is root. For example, if you log into the UDM/UDM-Pro Web UI using the account@ui.com email address and password mysecretpassword, then the SSH login credentials are:
Username: root
Password: mysecretpassword
Can I log in using any of the LAN ports or via the Wireless (Wi-Fi) network?

Yes, on the UDM-Pro you can connect to any of the RJ45 LAN ports (port 1-8) or the LAN SFP port (port 11). On the UDM, you can connect to any of the RJ45 LAN ports (port 1-4) or the Wireless network.

How can I verify if the SSH service is enabled on the UDM/UDM-Pro?

The SSH service is enabled by default on older firmware releases (pre v1.7.0 for UDM and pre v1.6.4 for UDM-Pro) after completing the setup.

On the newer UniFiOS firmware releases (v1.7.0+ for UDM and v1.6.4+ for UDM-Pro), the SSH service is disabled by default and needs to be manually enabled from the Settings > Advanced section. After enabling the service, you can specify the password for the SSH (root) user account. See the section below.

The username used to log into the UDM/UDM-Pro is root, but the password will differ depending on the firmware version. Refer to the table below:

Device Firmware Release Username Password
UDM v1.7.0 and newer root Specified when enabling the SSH service
UDM-Pro v1.6.4 and newer root Specified when enabling the SSH service
UDM Pre v1.7.0 root Password of Ubiquiti SSO account used to login to UDM
UDM-Pro Pre v1.6.4 root Password of Ubiquiti SSO account used to login to UDM-Pro
My workstation cannot connect with SSH to the UDM/UDM-Pro, what should I do?

Verify if you can ping the IP address of the UDM/UDM-Pro from your workstation, which is set to 192.168.1.1 by default. You can run the ping command from the macOS/Linux Terminal or from a Windows Command Shell (CMD) or PowerShell window. For example:

:~ root$ ping 192.168.1.1 -c 4
PING 192.168.1.1 (192.168.1.10) 56 data bytes
64 bytes from 192.168.1.1: icmp_seq=0 ttl=64 time=0.680 ms
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.535 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.501 ms
64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 time=0.560 ms

--- 192.168.1.1 ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.501/0.569/0.680/0.067 ms
C:\WINDOWS\system32> ping 192.168.1.1

Pinging 192.168.1.1 with 32 bytes of data:
Reply from 192.168.1.1: bytes=32 time<1ms TTL=64
Reply from 192.168.1.1: bytes=32 time<1ms TTL=64
Reply from 192.168.1.1: bytes=32 time<1ms TTL=64
Reply from 192.168.1.1: bytes=32 time<1ms TTL=64

Ping statistics for 192.168.1.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
NOTE: You can also ping the unifi hostname instead of the IP address.


If you cannot ping the device, make sure that the network adapter on your workstation is set to DHCP and has obtained an address from the UDM/UDM-Pro. You can verify the IP address with the ifconfig command on macOS/Linux and the ipconfig /all command on Windows.

If you are using the UniFiOS firmware releases (v1.7.0+ for UDM and v1.6.4+ for UDM-Pro), on the Dream Machine, then make sure that the SSH service is enabled from the Settings > Advanced section. 

Logging in using SSH

The diagram below shows an example setup where the wired and wireless clients are directly connected to the UDM/UDM-Pro and are using an IP address in the 192.168.1.0/24 range.

topology.png

Example setup where the SSH server is running on the UDM/UDM-Pro and a SSH client program is being used on a workstation.

Follow the steps below to connect to the UDM/UDM-Pro using SSH:

UniFiOS / Newer Firmware
Older Firmware

Follow these steps if your UDM/UDM-Pro is using a newer UniFiOS firmware release:

  • v1.7.0+ for UDM
  • v1.6.4+ for UDM-Pro

On the UniFiOS firmware, the SSH service is disabled by default and needs to be manually enabled from the Settings > Advanced section.

GUI: Access the Admin Web UI on the UDM/UDM-Pro.

1. Connect your workstation directly to one of the LAN ports on the UDM/UDM-Pro or to the Wi-Fi network on the UDM.

2. If the UDM/UDM-Pro is using the default LAN network settings, your workstation will receive an IP address in the 192.168.1.0/24 range. 

3. Open a compatible web browser such as Google Chrome and navigate to the Admin Web UI at https://unifi or https://192.168.1.1

4. Log in using your UI.com credentials. 

login-gui.png

5. Navigate to the  settings.png  Settings menu.

6. Select the  settings.png  Advanced tab and enable the SSH service.

enable-ssh.png

7. A new window will open, asking you to provide the password of the SSH user account. This password does not have to match your UI.com login credentials.

8. Enter and confirm the SSH password and select Confirm. The SSH server is now enabled.

password-ssh.png

NOTE: The SSH user account name is root.

9. After enabling the service, you can connect to the SSH server (UDM/UDM-Pro) from your workstation.

CLI: Access the Command Line Interface on the UDM/UDM-Pro using SSH.

10. Open a SSH session using your favorite SSH/Telnet client program (for example PuTTY or the macOS/Linux Terminal).

 windows.png  Windows Client

1. Download PuTTY and open the putty.exe executable file. 

2. Fill in the below settings and select Open.

Host Name (or IP address): 192.168.1.1
Port: 22
Connection type: SSH

putty.png

NOTE: You can also connect to the unifi hostname instead of the IP address.


3. Accept the SSH security alert if prompted.

4. Login using the root user account and your previously configured password (Step 8 above):

Username: root
Password: <password>

 macos.png  macOS client

1. Open the macOS Terminal by searching for Terminal in the Launcher or by navigating to the Finder > Applications > Utilities section.

2. Using the ssh command and specify the username of the UDM/UDM-Pro followed by the @ symbol and the IP address.

ssh <username>@<ip-address>


3. To connect to the UDM/UDM-Pro that is using the default 192.168.1.1 IP address and root username, run:

ssh root@192.168.1.1
NOTE: You can also connect to the unifi hostname instead of the IP address.


4. Accept the SSH security alert if prompted.

5. Enter your previously configured password (Step 8 above) to log in:

Username: root
Password: <password>

The image below shows an example of the process:

login-ssh.gif

If you are unable to connect to the device, then verify if your workstation has obtained an IP address from the UDM/UDM-Pro. You can optionally restart your workstation or renew the DHCP lease manually to obtain a new IP address:

 windows.png  Windows Client

Open a Command Shell (CMD) or PowerShell window and run the following command:

ipconfig /renew


Run the command below to verify if an IP address was obtained.

ipconfig /all


Alternatively, you can disable and re-enable the Ethernet adapter in the following section:
Settings > Network & Internet > Status > Change Adapter Options

 macos.png  macOS client

Navigate to the advanced network settings for the Ethernet adapter:
System Preferences > Networks > Ethernet Adapter > Advanced

Select the TCP/IP tab and then click on the Renew DHCP Lease option. Here you can also verify if an IP address was obtained.

Follow these steps if your UDM/UDM-Pro is using a older firmware release:

  • Pre v1.7.0 for UDM
  • Pre v1.6.4 for UDM-Pro

On the older firmware, the SSH service is enabled by default and requires you log in using the root username and the password associated with your Ubiquiti (UI) account. For example, if you log into the UDM/UDM-Pro Web UI using the account@ui.com email address and password mysecretpassword, then the SSH login credentials are:

Username: root
Password: mysecretpassword
CLI: Access the Command Line Interface on the UDM/UDM-Pro using SSH.

Open a SSH session using your favorite SSH/Telnet client program (for example PuTTY or the macOS/Linux Terminal).

 windows.png  Windows Client

1. Download PuTTY and open the putty.exe executable file. 

2. Fill in the below settings and select Open.

Host Name (or IP address): 192.168.1.1
Port: 22
Connection type: SSH

putty.png

NOTE: You can also connect to the unifi hostname instead of the IP address.


3. Accept the SSH security alert if prompted.

4. Login using the root user account and the password of your Ubiquiti (UI) account:

Username: root
Password: <ui-account-password>

 macos.png  macOS client

1. Open the macOS Terminal by searching for Terminal in the Launcher or by navigating to the Finder > Applications > Utilities section.

2. Using the ssh command and specify the username of the UDM/UDM-Pro followed by the @ symbol and the IP address.

ssh <username>@<ip-address>


3. To connect to the UDM/UDM-Pro that is using the default 192.168.1.1 IP address and root username, run:

ssh root@192.168.1.1
NOTE: You can also connect to the unifi hostname instead of the IP address.


4. Accept the SSH security alert if prompted.

5. Enter the password of your Ubiquiti (UI) account to log in:

Username: root
Password: <ui-account-password>

The image below shows an example of the process:

login-ssh.gif

If you are unable to connect to the device, then verify if your workstation has obtained an IP address from the UDM/UDM-Pro. You can optionally restart your workstation or renew the DHCP lease manually to obtain a new IP address:

 windows.png  Windows Client

Open a Command Shell (CMD) or PowerShell window and run the following command:

ipconfig /renew


Run the command below to verify if an IP address was obtained.

ipconfig /all


Alternatively, you can disable and re-enable the Ethernet adapter in the following section:
Settings > Network & Internet > Status > Change Adapter Options

 macos.png  macOS client

Navigate to the advanced network settings for the Ethernet adapter:
System Preferences > Networks > Ethernet Adapter > Advanced

Select the TCP/IP tab and then click on the Renew DHCP Lease option. Here you can also verify if an IP address was obtained.

Related Articles

Intro to Networking - How to Establish a Connection Using SSH

UniFi - Dream Machine Getting Started

UniFi - Accounts and Passwords for Controller, Cloud Key, and Other Devices

UniFi - UDM and UDM-Pro Emergency Recovery UI

Was this article helpful?
25 out of 55 found this helpful
Can't find what you're looking for?
Visit our worldwide community of Ubiquiti experts for more answers
Visit the Ubiquiti Community