Unix Greybeard

Connecting to an old Unifi AP via SSH

In vibrant new TechniBW

Also called, “what to do when encountering the following Error: No matching host key type found. Their offer: ssh-rsa,ssh-dss” ??

I’ve got a super old UAP-LR I still manage with an old version of the Unifi Controller locally, since I barely use WIFI for anything and I am just not interested in upgrading. However, every once in a while I need to get in and tinker with something manually, and I’m finding the older the stuff gets the harder it’s been for me to be able to get on the device, even when using the same process

Therefore, I wanted to make sure to make this available to others in case they’re having the same issue – I can’t imagine I’m the only one…

Substitution examples:
$USER = SSH username, as configured in the Unifi controller site page (below)
$UNIFI_DEVICE_IP = 192.168.1.20 (default)
$UNIFI_CONTROLLER_IP = 192.168.1.30 (self-configured)

Defaults for older devices:
If you’ve never set up the device before, the username is ubnt and the password is ubnt – try these if the ones listed in the Site menu of the controller don’t work

  1. Check password and ssh key in Unifi Controller site settings: https://$UNIFI_CONTROLLER_IP:8443/manage/site/default/settings/site
  2. Make sure you have a copy of the same key in your .ssh folder, in my case, I created this keyfile for my old UAP-LR: id_ubnt{,.pub} and had already uploaded it to the Unifi Controller under the link mentioned above (For reference, I’m running controller version 6.0 on Debian 12 so I can continue to manage my old broadcom-based UAP)
  3. Specify the key when connecting, e.g:
    ssh -i /home/avery/.ssh/id_ubnt $USER@$UNIFI_DEVICE_IP
  4. If you get the error: Unable to negotiate with $UNIFI_DEVICE_IP port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss specify host algorithm explicitly:
    ssh -o HostKeyAlgorithms=+ssh-rsa -i /home/avery/.ssh/id_ubnt $USER@$UNIFI_DEVICE_IP
  5. If you are still getting errors, check SSH version – newest versions apparently cannot connect despite mitigations shown above – here’s a real-world example:
Bash
# fedora 41 (my desktop OS) is unable to connect
ssh -V
OpenSSH_9.9p1, OpenSSL 3.2.4 11 Feb 2025


# Debian 12 (my controller VM OS) is able to connect
ssh -V
OpenSSH_9.2p1 Debian-2+deb12u5, OpenSSL 3.0.15 3 Sep 2024

Btw, if anyone is looking for an older version of the Debian Unifi controller software, this is where I got mine: GlennR Unifi installation scripts

Good luck!

Avery Freeman

Leave a Reply

Your email address will not be published. Required fields are marked *