All Unifi SSH Commands that You Want to Know

53 thoughts on “All Unifi SSH Commands that You Want to Know”

1. Hi guys,
   Is there any way one can backup airMAX ac radios via ssh?

2. Thank you for compiling this list Rudy.

   I’m able to successfully initiate the adoption of an AP AC Pro via SSH using the set-inform command. However, I’m curious if anyone successfully confirmed the adoption on the Cloud Key end via SSH as well, as opposed to using the web GUI.

   If so, what is the command to do this?

   Thanks!

3. Firstly, can anyone confirm that the only way to turn off a radio on any Unifi access points including devices that are also gateways such as the UDR and Unifi Express is through SSH? I don’t mean disable the SSID or pause the wifi connection. I mean physically power down the radio to conserve power or simply to reduce radiation and interference.

   If the only way to do this is with SSH, what are the steps of doing this? I want to turn off the radio for the 2.4GHz band on a Unifi Express because I only want to use the 5GHz radio. Also, once in a while, I want to turn off all radios altogether.

   • It’s possible to turn them of through ssh, but the problem is that they come back online after a couple of minutes.

4. Please delete that first message: I didn’t catch the autocorrect error.

   Is there a command to boot to a backup?

   What exactly is covered relative to backups? Will it fix the SSL certs if they’ve bee mangled?

   • No, the backups only cover the UniFi setting. Not the complete device with firmware etc.

5. Anyone have CLI commands for L2TP IPsec VPN, I need to change the ESP DH Group to 20, GUI only lists 1-18. Thanks in advance

6. Here are all new commands regarding restarting:

   systemctl restart unifi-protect

   systemctl restart unifi

   systemctl restart unifi-core

7. Any idea of the CLI command to update remote endpoint IP on ipsec site to site tunnel on a UXG Pro?

8. Full list of Unifi OS commands:
   ubnt-systool help

9. Thanks for putting this list of commands together. It is very helpful. Do you know how I can revert my Dream Machine Pro to an older version? It just auto updated and I cannot get to the web UI. It is stuck displaying the message “UniFi Dream Machine Booting”. However, the unit does seem to work OK.

   I have not tried power cycling it since it is critical to my day-to-day work.

   Thanks in advance for your help.

   • You can’t downgrade controllers. Only option is to restore an backup or reset the device as far as I know. Might be a good idea to contact UniFi Support about this first 😉

10. I am connected to a LAP120 with SSH (I am used to unifi devices).

    The command prompt is WA# ?

    I tried info and got -sh: info: not found

    I was looking to see if it’s configured / factory reset / status.

    Advice?

    • This is an AirMax device, so the commands will be different than the UniFi products. Have you tried help or simply ? ?

11. Great compilation, thank you! It’s a more readable list of this reddit thread:
    https://www.reddit.com/r/Ubiquiti/comments/k2g8sk/some_useful_udmudmp_ssh_commands/

    Question: do you know where the site to site VPN settings are stored? I have a mutual auth OpenVPN config file but the UI is requiring a user/password entry..

    • I have no idea.

12. This is really useful, thanks Rudy. Just one note on the comments, where you suggest people check out a link (I think twice above) there is no link to follow.

    • Do you mean in the comments? I see that the links are not underlined indeed, making them hard to notice. I will change that.

13. passwd Changes the ADMIN password

14. Thanks for the great List. My ManagementConsole for the USG and my DNS-Server ist running on RaspberryPi and when there is an error i would like to change the DNS-Entry in the USG. Therefore i tried the Line: echo “nameserver 192.168.1.1” > /etc/resolv.conf but the answer were: -vbash: /etc/resolv.conf: Permission denied
    What must i do for working? Thank you, Roland

    • Roland, did you do that with sudo – you need to put sudo in front of the command for raised privileges

15. Hi Rudy,
    Cool list.

    /etc/init.d/S95unifios restart is not working on my UDM PRO SE. Would tyou know any other way to restart the web interface?

    Thanks

16. With controller outside the LAN and a simple setup at a client site – 2 Unifi access points both wired to a verizon router. And too far apart to mesh:

    1 access point shows as isolated in controller (AND /BUT last seen a few seconds ago), meaning it meshed with the other access point? That wouldn’t be possible because of distance between them. User says that access point does get them on the internet.

    I turned off wireless connectivity monitoring for this site in the controller
    I can start the debug terminal on the working access point.
    I can’t ping the problem access point (if it wants to mesh, does it turn off the wired ethernet port?)

    I was hoping to ssh from working access point to the problem access point to reset it / see what it says the controller is. Is that possible? SSH from 1 to another access point?

    Is there an SSH command to ping an IP range to show what IPs are live to see if I can see if the problem access point is on the network / has a new IP address?

    • No, you can’t ping an IP Range with a command.

    • Hi Adam, you can ping in a for loop – like this. You need to use sudo otherwise the -c wont work. The -c only does a single ping otherwise it will continuously do it.
      > for i in {1..10}; do sudo ping -c 1 192.168.1.$i; done

17. An example of another useful command to power cycle PoE devices is:

    swctrl poe restart id 1-6,18,24

18. Is there a way I can initially ssh into a U6-Pro that’s been set up with out a controller? I obviously do not have my public key stored on the device, yet.

    • Yes, check this article.

19. what command can i use to check the arp timeout period of my ubiquiti switch

20. I have a UNVR that I needed to restore with a backup file that I have. The restore failed on restoring the Users but was successful restoring all the other config and cameras. I’m still able to SSH into it, but when I try to use the SSON access, I’m not able to access it. Is there anyway to add a user and password using SSH?

    • Check this article from Hostify

21. ‘syswrapper.sh restore-default’ and ‘mca-cli’ are both missing from the list but ‘syswrapper’ is common IMO. Also what is the difference between ‘set-default’ & ‘syswrapper.sh restore-default’? Any examples would be helpful as I’m new to UniFi. TIA!

22. Hello Ruud, thanks for your very useful post.
    I have a UC-CK controller in OFFLINE status (seen from network.unifi.ui.com).
    But i can succesfuly ssh to the controller itself, the ifconfig configuration in OK and i can ping local and remote IPs and remote FQDN (so DNS is working fine).
    I have already rebooted the controller but no luck.
    Can you help me?

    • Has the controller ever connected successfully to the cloud? If the UCK is behind a firewall, make sure that ports Ports 80/tcp, 3478/udp, 8543/tcp and 11143/tcp are open in the firewall.

23. ping6 to ping ipv6 of a site
    cat /var/proc/cpu to get hardware spec of the CPU for the device similarly for memory

24. most of these don’t work on my UDMP…. for example there is no ubnt-tools in the unifi-os context… ?

    • If you type help then the command ubnt-systool won’t be listed. But when you run the command ubnt-systool cpuload, you will see the CPU load on the next line. The can be a bit unclear because depending the on terminal that you are using, you might see a # behind the output.

25. Really minor… under Network related SSH Commands above, you show an example of arp – but your example has a typo: ‘apr -a’ instead of ‘arp -a’ 🙂

    • Thanks

26. Is there a command to change the GUI admin password? This would be helpful if the GUI password is lost but you still have root SSH access.

    • GUI password from the Unifi Network Controller? Depends if you are using SSON with unifi.ui.com or local access only.

27. I believe the command to reset a device to default is: syswrapper.sh restore-default

    • Older firmware versions like v2.2.x, don’t support the new set-default cmd. These days you can basically always use set-default.

28. Thanks for the list above, only one to add is:
    Unifi OS shutdown command = ubnt-systool poweroff

    • Thanks, I have added it to the list.

29. I’ve got a USG-4 and almost none of these commands work.

    Does one need to “enable” or similar command to get the additional commands to work?

    I’m trying to determine which IPs are connecting through a port forwarding rule I have set up. I want to lock it down.

    • The USG runs on EdgeOS, check out this article for more information.

30. Thank you, a lot! This solved my problem!

31. Thank you, Rudy. I’ll let you know how it pans out.

32. I ran through to add the IP, gateway and DNS. Everything works until I reboot.

    • What exactly doesn’t work after reboot?

33. Love it! Thank you. BTW, I’ve been unable to find the most important one to me. With the older APs no longer supported, I set them up as standalone which has a mind of its own and never takes my SSID, renaming or security settings. Do you know the CLI command to change the SSID via CLI? Love your site. Thanks, again.

    • I don’t know if there is an SSH command for it, but you can try to modify the system.cfg file:

      cat /tmp/system.cfg | grep OLDSSID

      Don’t know if it will work, you will have to try it out