Tag Archives: command line

Changing Ubiquiti Radio password from Command Line

Posted on by
Reply

Most configuration changes to Ubiquiti radios can be done on the command line by modifing them in /tmp/system.cfg and then applying the configuration. The device password is a little more complicated. The password is in the system.cfg config file, but it is hashed. To change the password, we must change the password via ssh, then update the config password hash to match the hash in /etc/passwd.

We’ll cover two ways to update the password for a Ubiquiti radio. The first method uses the UBNTMOD script. The second shows a more hands on approach.

Method 1: Using the UBNTMOD script.

Download the UBNTMOD script and make it executable.

wget http://incredigeek.com/home/downloads/ubntmod/ubntmod.sh
chmod u+x ubntmod.sh
./ubntmod.sh -y 'ubnt,ubnt' -p 'newpassword' -i 192.168.1.20 -z

-y is the current username and password pair
-p is the new password
-i is the radio IP
-z saves the changes without rebooting.

Method 2: Changing password over SSH

To change the password we need to:

  • SSH to the radio
  • Change the current password with passwd
  • Copy the hash from /etc/passwd to /tmp/system.cfg
  • Save changes with /usr/etc/rc.d/rc.softrestart save

SSH into radio

ssh ubnt@192.168.1.20

Change the Password with passwd

passwd is the default utility to change the password for a user. Simply run passwd and follow the prompts

Example:

XW.v6.1.12# passwd
Changing password for ubnt
New password: <-- Enter password here
Retype password: <-- Reenter password here
Password for ubnt changed by ubnt
XW.v6.1.12#

ℹ️Once you change the password with passwd, the password will change, but it wont be permanently saved until we copy the hash and then apply the change.

Copy Password hash to system.cfg

We can get the new password hash with

cat /etc/passwd

Example output:

admin:$1$QESek5FH$FUPpzbPbAvf0NUbYyJMj21:0:0:Administrator:/etc/persistent:/bin/sh

The section between the first and second colon, i.e., the two dots, “:”, is our hashed password. This is what we need to copy into the system.cfg config.

Edit the config file

vi /tmp/system.cfg

Find the line that starts with users.1.password= and replace everything after the equals sign with our new hash. For example:

users.1.password=$1$QESek5FH$FUPpzbPbAvf0NUbYyJMj21

ℹ️VI can be a little tricky to deal with, you can hit i, to enter insert mode, delete everything after the =, and then right click with your mouse to paste in the password hash.

Apply the new Password Permanently

Save the changes with /usr/etc/rc.d/rc.softrestart save command.

XW.v6.1.12# /usr/etc/rc.d/rc.softrestart save 
--- /tmp/.running.cfg.919
+++ /tmp/.system.cfg.919
@@ -81,7 +81,7 @@
 system.cfg.version=65546
 system.eirp.status=disabled
 users.1.name=ubnt
-users.1.password=$1$5FJMj2H$FbkP6UAb8yvfES0NUbPpzbQ <- Old Password Hash
+users.1.password=$1$QESek5FH$FUPpzbPbAvf0NUbYyJMj21 <- New Password Hash
 users.1.status=enabled
 users.status=enabled
 wireless.1.addmtikie=enabled
Fast users script build Success.
Fixup Startup_list …Done.
XW.v6.1.12#

ℹ️Your existing ssh connection should stay connected which can be handy if something did not work correctly. Launch another terminal, or log in the web interface, to verify that the new password works.

How to enable Ping Watchdog on Ubiquiti AirOS from Command Line

Posted on by
Reply

Ping Watchdog is a feature that will automatically reboot a device if the specified IP address is unreachable.

Here is a quick run down on enabling Ping Watchdog on Ubiquiti Radios from the command line.

1. SSH into the radio

ssh ubnt@192.168.1.20

2. Edit the config file

vi /tmp/system.cfg

Find the lines that start with pwdog

At a minimum, you will need to change the following two options:

  • pwdog.status to enabled
  • pwdog.host to the IP you want to ping. Add this line if it does not exist.
pwdog.delay=300
pwdog.host=192.168.1.1
pwdog.period=300
pwdog.retry=3
pwdog.status=enabled

You can adjust the other options to your desired taste.

Exit vi by hitting esc then typing in wq then hit Enter

3. Save configuration

Finally, save the configuration changes with

/usr/etc/rc.d/rc.softrestart save

Change VLAN ID Ubiquiti Radio from SSH

Posted on by
Reply

First we’ll need to ssh into the device

ssh ubnt@192.168.1.20

Next lets open up the config file 

vi /tmp/system.cfg

Now search for vlan and replace the vlan id with the appropriate number

In VI you can search by hitting / and then type in vlan

After you have changed all the vlan ids, save the file with esc, wq, enter.

Now we can save the config with

cfgmtd -f /tmp/system.cfg -w && reboot

Change UniFi User Password from Command Line

Posted on by
Reply
  1. SSH into the UniFi server
  2. Connect to MongoDB
  3. Find user ObjectId
  4. Update user info with new Password

You will need a hash of the password to put into the database. We don’t cover that in this post. You could copy the password from a different user account or use a different UniFi instance to change the password and then check the DB to find the hash.

SSH into the UniFi Server

ssh unifiadmin@unifiserver

Connect to MongoDB

Connect to Mongo by typing in the following.

mongo -port 27117

Then select the ace database by typing

use ace

Find user ObjectId

The admins are in the admin collection/table. Use the following command to list all the users and their name, email, and password hash.

db.admin.find({ }, { name:"" , email : "", "x_shadow" : "" })

Update user info with new Password

The following looks complex. Fortunately though you should be able to copy and paste. You should only need to change the
– ObjectId to your User Id
– Password Hash to your password hash

db.admin.update({"_id" : ObjectId("223abc5489de0a93be758493")}, {$set: { "x_shadow" : "$6$nwpi7.q2$OuD9/UZGZt5cD739Dt7j8Gb1uPtfU99p0DeDSurSNBZVizieUrFVFbRufiZMgOk2IaaDZN9BVmL9yUwQ2mC8f."}});

Note: The hash above is password. Not recommended for use.

You should receive a confirmation that it succeeded. Test the new password by logging into the UniFi Controller.

For more MongoDB commands, check out this post.

Get list of IP DHCP Leases from Mikrotik RouterOS Command Line

Posted on by
Reply

Sometimes it is nice to have a list of just the IP addresses and the hostname or mac address. Can be especially helpful when you are trying to get a list of devices to do a bulk update in LibreNMS. Helpful LibreNMS links for renaming and showing down devices

we are going to run the command to pull the DHCP information and then use Unix utilities to parse the data out.

Replace dhcp8 with the correct dhcp server in the mikrotik.

First, SSH into your Mikrotik router.

ssh user@mikrotik

Next we’ll want to go to the ip dhcp-server lease directory

/ip dhcp-server lease

Now we can run the following command to loop through and pull out all the info we need.
You can change the info like “mac-address” for something like “status”. You can use Tab to see what options are available. Just delete mac-address and hit tab twice.

:foreach i in=[find] do={ :put ([get $i address].",".[get $i mac-address].",".[get $i server].",".[get $i host-name ])}

Found the above helpful info from the following pdf file.

https://mum.mikrotik.com/presentations/PH18/presentation_5113_1516612695.pdf

Unable to Remove Authorized SSH Keys from AirOS

Posted on by
Reply

For some reason I ran into an issue where I can not remove authorized SSH Keys in AirOS version 6.3. It redirects to a 404 page and then to the main page.

Attempting to remove SSH keys in AirOS
404 Error while attempting to remove SSH keys

Thankfully, we can still remove the authorized keys from the command line. For more information on making changes over SSH, refer to the following post.

Ubiquiti AirOS – applying changes over ssh

SSH into radio. Replace username and IP address with your radios user and IP.

ssh ubnt@192.168.1.20

Open up config file

vi /tmp/system.cfg

Search for the lines that contain

the sshd.auth.key and remove them

Remove the sshd.auth.key lines

Save the file and write the configuration with

/usr/etc/rc.d/rc.softrestart save

Once the command completes, you should be good to go.

LibreNMS – Rename Host From Command Line

Posted on by
Reply

SSH into LibreNMS server

ssh user@librenms-server

cd into the LibreNMS directory

cd /opt/librenms

Rename host

sudo ./renamehost.php old-hostname new-hostname

Example:

Note you can use IP addresses if the device is using that as the host name

sudo ./renamehost.php 192.168.1.209 192.168.2

You may want to check out these posts

Show Down Devices From SSH – LibreNMS
Get list of IP DHCP Leases from Mikrotik RouterOS Command Line

Reset UniFi to Factory Defaults – Command Line

Posted on by
Reply

SSH into the UniFi. Note that the UniFi username and password get updated from the controller. Refer to here to find username and password.

ssh ubnt@192.168.1.20

run the syswrapper.sh script with the restore-default option. 

syswrapper.sh restore-default &
set-default &

Note that this changed. Used to, you could just run syswrapper.sh restore-default and it would reset. Now if you do that, it won’t reset, you’ll be able to ping the device, but you can’t ssh into it meaning you will need to physically reboot it.

Once the device is reset, log in over ssh and reconfigure.

Note that the username and password will now be ubnt/ubnt

Cambium Routers Command Line Info

Posted on by
Reply

Helpful commands. Maybe?

  1. nvram_set
  2. nvram_get
  3. nvram_get 2860 Password

Looks like most of the configuration scripts are in /sbin

Web from the /etc_ro/web/admin/managment.php

                                                                                                                                                                                     <fieldset>                                                                                                                                                                                                                                           <legend><script type="text/javascript">Capture(management.Web_Access)</script></legend>                                                                                                                                                      <table class="setting_block">                                                                                                                                                                                                                        <tr>                                                                                                                                                                                                                                                 <td class="head" id="remoteWebLogin"><script>Capture(management.Remote_Web_Login)</script></td>                                                                                                                                              <td>                                                                                                                                                                                                                                                 <select name="remote_web_login">                                                                                                                                                                                                             <option value="0" <% getCfgSelected("DBID_LAN_LOGIN_ONLY", "1"); %>><script>Capture(share.disable)</script></option>                                                                                                                         <option value="1" <% getCfgSelected("DBID_LAN_LOGIN_ONLY", "0"); %>><script>Capture(share.enable)</script></option>                                                                                                                          </select>                                                                                                                                                                                                                            </td>                                                                                                                                                                                                                                </tr>                                                                                                                                                                                                                                        <tr id="WirelessHostLogin_tr">                                                                                                                                                                                                                       <td class="head" id="WirelessHostLogin"><script>Capture(management.wireless_access_web)</script></td>                                                                                                                                        <td>                                                                                                                                                                                                                                                 <select name="wireless_access_web">                                                                                                                                                                                                          <option value="0" <% getCfgSelected("wireless_access_web", "0"); %>><script>Capture(share.disable)</script></option>                                                                                    <option value="1" <% getCfgSelected("wireless_access_web", "1"); %>><script>Capture(share.enable)</script></option>                                                                                                                          </select>                                                                                                                                                                                                                            </td>                                                                                                                                                                                                                                </tr>                                                                                                                                                                                                                                        <tr  id="web_login_access">                                                                            <td class="head" id="WebLoginWay"><script>Capture(management.way_access_web)</script></td>                                                                                                                                                   <td>                                                                                                                                                                                                                                                 <select name="way_access_web">                                                                                    <!--                                                                                    <option value="https" selected = "selected" <% getCfgSelected("way_access_web", "https"); %>><script>Capture(management.https)</script></option>                                                                                             -->                                                                                                                                                                                                                                          <option value="http" <% getCfgSelected("way_access_web", "http"); %>><script>Capture(management.http)</script></option>                                                                                                                      <option value="http&https" <% gethttphttpsSelected("way_access_web", "http&https"); %>><script>Capture(management.http_https)</script></option>                                                                                              </select>                                                                                                                                                                                                                            </td>                                                                                                                                                                                                                                </tr>                                                                                                                                                                                                                                        <tr id="localport_tr">                                                                                                                                                                                                                               <td class="head"><script>Capture(management.localWeb_Port)</script></td>      


nvram_
 nvram_get  nvram_set
 nvram_get
 Usage:
   nvram_get  [] []
 command:
   rt2860_nvram_show - display rt2860 values in nvram
   rtdev_nvram_show   - display 2nd ralink device values in nvram
   show    - display values in nvram for 
   gen     - generate config file from nvram for 
   renew   - replace nvram values for  with 
   clear   - clear all entries in nvram for 
 platform:
   2860    - rt2860
   rtdev    - 2nd ralink device
 file:
           - file name for renew command
 nvram_get show
 2860
 nvram_get show 2860

Trying to read data

nvram_get gen file tmp.txt
 Usage:
         nvram_get 2860 lan_ipaddr
 nvram_get 2860 lan_ipaddr
 192.168.11.1
 nvram_get 2860 http_wanport
 nvram_get 2860 http
 nvram_get 2860 httpd
 nvram_get 2860 remote_mgt_https
 nvram_get 2860 remote_mgt
 nvram_get 2860 telnet
 nvram_get 2860 remote_mgt
 nvram_get 2860 remote_ip
 nvram_get 2860 wan_ip

grep “nvram_get 2860” * | grep -i web

grep "nvram_get 2860" * | grep -i web
 check_goahead.sh:DBID_WEB_PORT=nvram_get 2860 DBID_WEB_PORT
 common_lib.sh:  local webport=nvram_get 2860 DBID_WEB_PORT
 common_lib.sh:  local webhttpsport=nvram_get 2860 DBID_WEB_SSL_PORT
 common_lib.sh:  local web_remote_ip=nvram_get 2860 WebRemoteLegalIP
 common_lib.sh:  wireless_access_web=nvram_get 2860 wireless_access_web
 common_lib.sh:  wanwebport=nvram_get 2860 DBID_WEB_PORT
 common_lib.sh:  local webhttpsport=nvram_get 2860 DBID_WEB_SSL_PORT
 common_lib.sh:  lanwebport=nvram_get 2860 lan_webport
 common_lib.sh:  local webport=nvram_get 2860 DBID_WEB_PORT
 common_lib.sh:  local webhttpsport=nvram_get 2860 DBID_WEB_SSL_PORT
 common_lib.sh:  local web_remote_ip=nvram_get 2860 WebRemoteLegalIP
 common_lib.sh:            local teluserpwd=nvram_get 2860 DBID_SUPER_WEB_PASSWORD
 global.sh:webinit=nvram_get 2860 WebInit
 internet.sh:    pass=nvram_get 2860 DBID_SUPER_WEB_PASSWORD
 lan.sh:lan_gw=nvram_get 2860 lan_gateway #for debug, so remote host can access web route from another device in lan port
 nat.sh:webport=nvram_get 2860 DBID_WEB_PORT
 set_ping_rule.sh:       local pinglegaip=nvram_get 2860 WebAclList
 storage.sh:     admPW=nvram_get 2860 DBID_SUPER_WEB_PASSWORD
 storage.sh:     admPW=nvram_get 2860 DBID_SUPER_WEB_PASSWORD
 storage.sh:     admPW=nvram_get 2860 DBID_NORMAL_WEB_PASSWORD
 storage.sh:             admPW=nvram_get 2860 DBID_SUPER_WEB_PASSWORD
 storage.sh:             admPW=nvram_get 2860 DBID_NORMAL_WEB_PASSWORD
 updown_make.sh:         url=nvram_get 2860 websURLFilters
 updown_make.sh:         host=nvram_get 2860 websHostFilters

SSH

Not exactly sure if this does work, but seems like it should.

nvram_get SSH_SERVER_REMOTE_ENABLE

Default status

Enable 

nvram_set SSH_SERVER_REMOTE_ENABLE 1

After running above command

Commit changes

nvram_get commit

Reboot

reboot

Change password

Seems like I am missing a step. Seems to change the password in the nvram, but does not actually change it permanently

Get current password

nvram_get 2860 Password
admin

Set Password

nvram_set Password newpassword

Commit Changes and reboot

nvram_set commit
reboot

Helpful links

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=29181

Uses some of the commands (i.e. nvram_get 2860 HostName )
https://github.com/jameshilliard/hlk-rm04-squashfs-root-1.78/blob/master/sbin/lan.sh

Ubiquiti set DHCP from command line

Posted on by
Reply

Edit the “/tmp/system.cfg”

Change the line that contains “dhcpc.status=disabled” to

dhcpc.status=enabled

add the following lines

dhcpc.1.devname=br0         
dhcpc.1.fallback=192.168.1.20
dhcpc.1.fallback_netmask=255.255.255.0
dhcpc.1.status=enabled

Save and exit and save changes

/usr/etc/rc.d/rc.softrestart save

Log into the GUI and verify everything looks correct. Under the network tab it was still showing that it had a static address, although it pulled a DHCP IP.