Change the USG LAN IP before adoption

I recently bought an Ubiquiti USG and had to ‘adopt’ it into an existing network, using a 10.0.0.0/24 subnet.

This requires the default ip address on the USG of 192.168.1.1/24 change to an ip address that can be reached on the existing network. To be more precise, the Unifi controller needs to be able to reach the USG in order to be able to adopt it.

• Connect a laptop or desktop to the USG on the LAN1 port, make sure the nic is setup to receive an ip address via DHCP
• Ping the USG to see whether it’s reachable: ping 192.168.1.1
• SSH into the USG with the user ubnt and the password ubnt
• Issue the commands below to change the ip address of the USG:

configure
set interfaces ethernet eth1 address 10.0.0.1/24
delete interfaces ethernet eth1 address 192.168.1.1/24
commit
save

• The SSH session wil drop and you can connect the USG to the existing network.

Use ssh keys with your Ubiquiti user

To secure your Ubiquiti user account, you can add your ssh key to the account.

Assuming your on Linux or macOS, these are the steps (make sure you use the IP address of your EdgeRouter):

On your system

cd ~/.ssh
scp ~/.ssh/id_rsa.pub 192.168.1.1:/tmp  

On your EdgeRouter

configure
loadkey admin /home/admin/id_rsa.pub
commit
save
exit

Unfortunately, this gave me:

Not a valid key file format (see man sshd) at /opt/vyatta/sbin/vyatta-load-user-key.pl line 96, <$in> line 1.

The solution is to take the key part out of your id_rsa.pub file en specify the key and the key type both in the configuration tree.

configure
set system login user admin authentication public-keys user@host key ***KEY-BODY-HERE***
set system login user admin authentication public-keys user@host type ssh-rsa
set service ssh disable-password-authentication
commit
save
exit