Install SSH Server on Linux (Debian, Ubuntu, Fedora, CentOS, RedHat)

Debian / Ubuntu

sudo apt-get install -y openssh-server

RPM based Distros, Fedora / CentOS / RedHat

sudo dnf install -y openssh-server

or use yum

sudo yum install -y openssh-server

Start ssh service

sudo systemctl start sshd

By default the SSH service should start when the system starts, but if not try the following command to enable the service on boot up.

Debian / Ubuntu

systemctl enable ssh

Fedora, CentOS, RedHat

systemctl enable ssh

Change SSH port

Not necessary, but it is a good idea to change the default ssh port.  To change the port edit the sshd file.

vi /etc/ssh/sshd_config

Upgrade Firmware on Ubiquiti Airmax Equipment from the Command Line/SSH

Upgrading the firmware via the command line is super easy.  Basic steps are

  1. Upload firmware file to radio using ftp, scp, or download directly to radio using wget
  2. Move the firmware the /tmp and rename to fwupdate.bin
  3. Upgrade the firmware by running
ubntbox fwupdate.real -m fwupdate.bin

More Detail explanation

Downloading Firmware to Radio

There are a couple of ways to get the firmware uploaded to the radio

  1. Download from Ubiquiti’s website and upload via ftp, scp, filezilla or like
  2. Download directly to the radio using wget

Using wget

ssh into the radio.  Change username and ip address as needed.

ssh ubnt@

cd to the /tmp directory

cd /tmp

Find the firmware file on Ubiquiti’s website, accept the terms, copy the link and paste the link in the terminal after wget.  Replace the below link with the appropriate firmware link.


Installing Firmware

Rename firmware

mv *.bin fwupdate.bin

Start the upgrade

ubntbox fwupdate.real -m fwupdate.bin

The radio will now upgrade and reboot

Another Method.  Using the script

Another way to upgrade a radios firmware from the command line is to use the UBNTMOD tool.  More info on the UBNTMOD script is available here.

Make sure you have the firmware downloaded to your computer and run with the “-U” upgrade option.


bob@localhost:~$ ./ -i -U WA.v8.4.2.35930.171017.1722.bin

Run Speedtest on Ubiquiti Devices from Command Line

This utilizes iperf to test the speed between two Ubiquiti devices.

SSH into first device and start iperf server on one device

iperf -s

SSH into the second device and run the following command to start the speedtest.  Change the ip address to the iperf server ip.

iperf -c -P5

The “-P” Option sets the thread count to 5.  It makes the test a little bit more realistic.


XM.v5.6.9# iperf -c -P5
Client connecting to, TCP port 5001
TCP window size: 16.0 KByte (default)
[  5] local port 51493 connected with port 5001
[  9] local port 51497 connected with port 5001
[  6] local port 51494 connected with port 5001
[  8] local port 51496 connected with port 5001
[  7] local port 51495 connected with port 5001

[ ID] Interval       Transfer     Bandwidth
[  9]  0.0-10.0 sec  4.91 MBytes  4.12 Mbits/sec
[ ID] Interval       Transfer     Bandwidth
[  6]  0.0-10.0 sec  4.97 MBytes  4.16 Mbits/sec
[ ID] Interval       Transfer     Bandwidth
[  8]  0.0-10.0 sec  4.86 MBytes  4.08 Mbits/sec
[ ID] Interval       Transfer     Bandwidth
[  7]  0.0-10.0 sec  4.94 MBytes  4.13 Mbits/sec
[ ID] Interval       Transfer     Bandwidth
[  5]  0.0-10.0 sec  5.00 MBytes  4.19 Mbits/sec
[SUM]  0.0-10.0 sec  24.7 MBytes  20.7 Mbits/sec


How To export private SSH key on Linux

All that needs to be done is the “id_rsa” key needs to be copied to the “new” host.  You can do this with SCP or sftp.

Example with SCP

The following examples are showing how to export a RSA private key, if your using DSA, then replace id_rsa with id_dsa.

Copy private key from remote server to local machine for the local user

scp root@ ~/.ssh/

Copy private key from localhost to remote host.  This command copies the local users private key to the root user @

scp ~/.ssh/id_rsa root@


Allow SSH access from a specific host using hosts.allow and hosts.deny on Linux

This is just a quick write on the hosts.allow and deny files.  You can lookup “spawn” and/or “twist” for some advanced usage.


So to limit an IP address, or a IP range access to SSH, do the following

Deny all incoming request for SSH

Edit the “hosts.deny” file

vi /etc/hosts.deny

add the following line

sshd : ALL

Now edit “hosts.allow” and allow the client IP, or IP range to access SSH

vi /etc/hosts.allow

add the following line to allow a single IP

sshd :

If you want to allow the whole subnet, then replace the above line with this one

sshd : 192.168.1.

hosts.allow overrides hosts.deny.  So you deny everything and then allow exceptions.

How to install WordPress via ssh

Quick look at the commands.  Skip below to view the explanation of the commands

cd ~/
tar zxvf latest.tar.gz
vi wordpress/wp-config.php   <-- Edit MySQL settings
mv -R wordpress/ /var/www/html/
steve@localhost ~: chrome


SSH into your webserver


Download the latest version of WordPress

cd ~/ && wget

Extract the WordPress archive

tar zxvf latest.tar.gz

Create MySQL database and user

Refer to here if you want to do it from the command line.  The recommended way is through your web control panel i.e. cPanel, Plesk, EHCP etc.

Edit wp-config.php

Enter in the DB information.

vi wordpress/wp-config.php

Move WordPress files to web directory

mv -R wordpress/* /path/to/webdir

If you want to install WordPress inside a sub directory on your website i.e. instead of going to “” to access your WordPress site, you go to “”, then create a sub directory in your root web directory and move the WordPress files there.

Open up a browser and go to your website ( to finish the WordPress installation.


Set up ssh keys in zenoss 5

Here are the basic steps of how to setup ssh keys for zenoss.

  1. Log into the zenoss server
  2. Open up docker container
  3. Change to zenoss user
  4. Generate ssh keys
  5. Upload ssh keys
  6. Exit out of container
  7. Commit container


[root@zenoss ~]# serviced service shell -s AddingSSHkey -i zope bash
I0709 3:02:47.791788 01773 server.go:341] Connected to the control center at port
I0709 3:02:48.127949 01773 server.go:435] Acquiring image from the dfs...
I0709 3:02:48.131438 01773 server.go:437] Acquired!  Starting shell
Trying to connect to logstash server...
Connected to logstash server.
[root@321feeg2253a /]# su zenoss
[zenoss@321feeg2253a /]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/zenoss/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/zenoss/.ssh/id_dsa.
Your public key has been saved in /home/zenoss/.ssh/
The key fingerprint is:
12:ab:14:d5:54:09:d3:1f:f7:12:21:ae:hd:16:a5:1b zenoss@321feeg2253a
The key's randomart image is:
+--[ DSA 2048]----+
|     =====F      |
|    S+== + AA    |
|  A=+=++  +      |
| AB= .. + =      |
|  ++S S  +.      |
|   ..    -       |
|                 |
|                 |
|                 |
[zenoss@321feeg2253a /]# ssh-copy-id admin@
The authenticity of host ' (' can't be established.
RSA key fingerprint is 12:ab:14:d5:54:09:d3:1f:f7:12:21:ae:hd:16:a5:1b.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
admin@'s password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'admin@'"
and check to make sure that only the key(s) you wanted were added.

[zenoss@321feeg2253a /]# exit
[root@321feeg2253a /]# exit
[root@zenoss ~]# serviced snapshot commit AddingSSHkey
[root@zenoss ~]# exit

Upload ssh key to multiple servers automatically

Here is a quick script I created to automate copying a ssh key to multiple remote servers.

Basic command – the command uses sshpass to upload the ssh key to a remote server, this allows you to execute the command and not have to enter in a password to authenticate.

sshpass -p password ssh-copy-id -o StrictHostKeyChecking=no admin@remotehost




for host in `cat ${remotehosts}`
sshpass -p${password} ssh-copy-id -o StrictHostKeyChecking=no ${username}@${host}
echo "Uploaded key to " ${host}

echo "Finished!"


Using the script

  1. Download here.
  2. Make it executable
    chmod +x
  3. Edit the script and change the username and password.
  4. Create a file that contains each host’s IP address or hostname.
  5. Run script (change hostlist.txt to your host list you created in step 3.)
    ./ hostlist.txt
  6. Wait for the script to finish.


chmod +x
sed -i s/admin/bob/g                      <-- Change username - you can just manually edit the file,
sed -i s/MyCoolPassword123/password/g     <-- Change password - it might be easier than using sed
echo "" >> host.txt                     <-- Add to the host list
echo "Bob" >> host.txt                               <-- Add hostname bob to host list
./ host.txt                                <-- Upload ssh key to all host's in the host file i.e. "bob" and ""

Ubiquiti AirMax SSH Commands

ssh ubnt@


list how many devices are connected.

wstalist |grep \"mac\" |wc -l
wstalist |grep -c \"mac\" 

List connected devices


List ip’s of connected devices

wstalist |grep \"lastip\" | awk '{print $3}' | sed s/\"/\ /g | sed s/,//g

List connected devices with the device name and ip address of device

wstalist |grep -A1 \"name\" | sed s/\"/\ /g | sed s/,//g | grep -v "\--"

List connected devices along with device name, and signal.

wstalist |grep -A6 \"name\" | grep -E -v 'rx|tx|associd|aprepeater' | sed s/\"/\ /g | sed s/,//g | grep -v "\--"




mca-status | grep signal

Signal, essid, frequency, noise, and ccq:

mca-status | grep -A4 essid

List basic info like device name, mac address, firmware version, platform, etc.

mca-status | head -n 1

Show Firmware Version:

mca-status | head -n 1 | awk -F, '{print $3}'