UNIFI user ids and password

due to "popular demand":

A) the plugin uses 3 different userid and passwords to get info from the unifi systems:

1. ssh to the unifi wifi AP and switches and gateway. it is a terminal command
2. http through curl or python request module to the controller to get data on devices stats etc. It uses the userid/password you use to login to the controller web interface
3. ssh to UDM(pro) devices

That can all be the same or different depending on YOUR setup. eg UDM likely will require root as user id for ssh

These userids and passwords are setup in the unifi controller

B) using ssh will leave a line w fingerprint in your hosts file (/Users/userid/.ssh/known_hosts) if you change the system or upgrade your RPi that fingerprint might change.
you need to delete that line (the liner the IP number) (*)

To check your userid password settings you can print config to the pluginlog file or switch on debug for expect / connection

As for the settings for the controller type: std/UDM/UDMpro for the web pages, Please check the "options below these fields". And you can use the "set parameter" button to preconfigure most of the fields for std/UDM/UDMpro.

also checkout this post for UDM setup: https://forums.indigodomo.com/viewtopic.php?f=199&t=23969
hope that helps a little

Karl

line in your known_hosts looks like:
192.168.1.xx ecdsa-sha2-nistp256 AAAAE2VjZHNxxxxxxdHAyNTYAAABBBF0uou7l3aByYhU3XKqoh6MOrvxqSGj54ifMcfDT+l5vGr17dQteFefjuz1OF7TwiOSj5ZqiWIXainunsrQHbmI=

Hi Karl,

Can the UnifiAP plugin use 2FA now that there was that breach?

Thank you,
Daniel

The connection to your local boxes does not use 2fa. Only when you go to to the UniFi Corp systems you need 2fa


Sent from my iPhone using Tapatalk

Hi Karl,

Thank you for the response - I'm getting this:
uniFiAP Error UNIFI executeCMDOnController login cmd:/usr/bin/curl --insecure -c /tmp/unifiCookie -H "Content-Type: application/json" --data '{"username": "USERNAME EXTRACTED", "strict": false, "password": "PASSWORD EXTRACTED"}' 'https://X.X.X.X:8443/api/login'
gives error: {"meta":{"rc":"error","msg":"api.err.Ubic2faTokenRequired"},"data":[]}
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed

0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0
100 72 0 0 100 72 0 30 0:00:02 0:00:02 --:--:-- 30
100 142 100 70 100 72 27 28 0:00:02 0:00:02 --:--:-- 28

I take it that the error msg is that 2FA token is required - is this a no go for the plug-in?

Thank you,
Daniel

That’s because you Upgraded your controller software

To v 6. There the login is different.

I need to find 5 hours is one piece to do that.

Karl


Sent from my iPhone using Tapatalk

Ah, had overlooked that in the details...received the equipment from a kind friend and flashed it to most current after reset.


indigo is a love of a hobby and i appreciate your passion to write and upkeep these plugins! thank you!

-Daniel

Has UNIFI made some change that disables ssh?

I haven't made any manual changes on the UDM or in Indigo, but suddenly my log is filled with

Code: Select all

 0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0curl: (7) Failed to connect to 192.156.0.1 port 8443: Connection refused

   uniFiAP Error                   UNIFI executeCMDOnController error no json object: (wrong UID/passwd, ip number?192.156.0.1) ...>><<


And when I try to manually ssh from terminal I get "connection refused"

makes me wonder if UNIFI pushed some update that turns off ssh, maybe due to that whole data leak issue last month.

Everything on the UDM seems to be working properly besides ssh. I can log in to the UDM via the web interface.

I've got the same issue with my UDM (non-pro). Something must have changed on the uni side in the past week or two.

sorry forgot to update the indigo store page. try v .322

and you need to open config and make sure your uid/passwd are correct

Karl

Upgraded to the latest, but same issue. *Note I'm getting "connection refused"* which makes me think that something is wrong on the UDM side. Same error when I use terminal.

I'm unaware of any UDM feature that disables SSH after x number of failed attempts or some similar scheme. I tried disabling SSH in the UDM settings, then re-enabling it, and still the same results.

Next step is to reboot the UDM, but I'll wait on that to see if someone has a better idea.

I rebooted my UDM but no change in behavior. Agree that its got to be something on the UDM side as I can't log in either.

Man, this is a watermelon seed of a problem. press down on it and it squirts away.

Turns out even though the web interface has the ssh enabled, the dream machine UI itself (the thing you get by directing a browser to the UDM's IP directly without the 8443 port) did NOT show it enabled.

So now I can use terminal to log in to the UDM, but I'm still getting the 8443 connection refusal in the log.

I'm also getting "can't be reached" when I use a browser to go to http://192.x.0.1:8443/ (no there isn't an x in the address)

That doesn't sound encouraging. When I get a chance over the next couple of days I'll probably force a factory reset on my UDM. I shouldn't lose much in doing so. Might also be able to restore the configuration from my back-up.

Try port 443


Sent from my iPhone using Tapatalk

"didn't send any data" is what the web reply says when I try 443.