B2 - Brahms Blog

My adventures with Ubiquiti

Posted on 2025-01-12.

The story begins with a common tale: our WLAN coverage at home was insufficient. So I shopped around and decided on a Ubiquiti UniFi AC HD. There was no real reason behind it; in the back of my mind there was some dark memory of a colleague saying that they were good.

Anyway, I opened up the OpenWrt page for the device and read through the documentation. It looked easy enough, so I connected everything to the network and tried to connect via SSH ... which did not work.

no matching host key type found. Their offer: ssh-rsa,ssh-dss

Welp ... Okay, so I dived into the search engine (it being the mess it is), but could not find anything usable.

Ubiquiti being a vendor, they of course have a mobile app for their device (what do you do if you don't have a compatible smartphone??). And of course, the app is total shit (that is gonna be a distinct blog entry I think - btw, if you are from Ubiquiti and reading this, no offense, I suspect most vendor apps suck even worse).

The app keeps saying that the setup was not possible and I would have to retry ...

After 20 minutes of debugging and searching the net, the app apparently was sufficiently pleased and started "updating the device".

Meanwhile I found out that it was apparently already using OpenWrt (version 15.05!!!), I am really confused.

Now we aren't finished, of course!

Finally on the device (after a really long update and setup session ...), the OpenWrt docs say to use scp to connect, but apparently there is no sftp-server binary:

ash: /usr/libexec/sftp-server: not found

Fixed by using the legacy option (see also: https://stackoverflow.com/questions/74311661/subsystem-request-failed-on-channel-0-scp-connection-closed)

Before going any further, read the file /proc/mtd and make sure that the devices match the wiki! (I did that afterwards, maniac that I am.)

/dev/mtdblock12 is correct; I have no idea why it's not mtd12 as with the first command.

So after I thought that I had installed OpenWrt, the only thing that happened after the reboot was the vendor firmware resetting back to 4.0 something.

If ssh doesn't want to connect, upgrade the firmware in the app (even if it apparently does not succeed, ssh now works).

ssh didn't work because the required algorithm (ssh-rsa) is deprecated in current Fedora. Upgrading the firmware apparently also upgrades the algorithm used.

Anyway, apparently the kernel0 could not be altered in the newest firmware version (6.6). Using dmesg, you could see that it failed, but sadly not why. The post in the forum mentioned the wrong binary, but I was using the correct one already. Then I thought, maybe the problem is actually the firmware version, since OpenWrt was only tested until 4.3.12 (at the time of my trials). Luckily, Ubiquiti allows easy down- or upgrading (if you are already connected, that is) via the "upgrade" binary. Add the download URL for the wanted firmware version as a parameter (in this case: "upgrade https://dl.ui.com/unifi/firmware/U7HD/4.3.21.11325/BZ.ipq806x.v4.3.21.11325.200922.1739.bin") and the device does everything magically.

Now when I wanted to connect I was again met with the dreaded HostKeyAlgorithm message. This time my fix from above did not work, so I was stuck again.

Diving into the documentation, I realized that Fedora also has a global crypto policy, which was set to DEFAULT. This disabled weak algorithms, for example (you guessed it) ssh-rsa.

Setting the policy to LEGACY let me happily use these deprecated algorithms. After pinning a big reminder about resetting this, I finally connected to the now correct firmware.
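
The reminder to reset the policy can be automated. The following is an added example, not part of the original post: a shell function that switches Fedora's crypto policy to LEGACY for a single command and restores the previously active policy afterwards. The names with_legacy_policy, POLICY_CMD and AP_ADDRESS are assumptions made for this example.

```shell
#!/bin/sh
# Added example: run one command under Fedora's LEGACY crypto policy and
# always put the previous policy back afterwards. Must run as root, since
# update-crypto-policies --set changes system-wide configuration.
# POLICY_CMD is an assumption of this example (lets the logic be exercised
# with a stand-in); by default it is the real update-crypto-policies tool.
POLICY_CMD="${POLICY_CMD:-update-crypto-policies}"

with_legacy_policy() {
    [ "$#" -gt 0 ] || { echo "usage: with_legacy_policy CMD [ARGS...]" >&2; return 2; }
    # Remember the active policy (DEFAULT in the post) before touching it.
    _prev=$("$POLICY_CMD" --show) || return 1
    [ -n "$_prev" ] || return 1
    "$POLICY_CMD" --set LEGACY >/dev/null || return 1
    # Restore even if the session is interrupted with Ctrl-C or killed.
    trap '"$POLICY_CMD" --set "$_prev" >/dev/null' INT TERM
    _rc=0
    "$@" || _rc=$?
    trap - INT TERM
    # Normal path: restore the saved policy, then report the command's status.
    "$POLICY_CMD" --set "$_prev" >/dev/null || return 1
    return "$_rc"
}

# Usage (AP_ADDRESS is a placeholder for the access point's address):
#   with_legacy_policy ssh -o HostKeyAlgorithms=+ssh-rsa user@AP_ADDRESS
```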

After doing everything as described in the wiki, the device rebooted one final time. The app showed neither my registered device nor any "new" devices. Promising!

The device shows as active in my router overview ... but it has no network connection, no IP address. Well, that's odd; how am I supposed to connect to the thing?

After thinking about a few things that might interfere, I decided to read on in the starter guide on what to do after flashing (which apparently did work - or maybe I had just bricked the device). It said to access the web interface on 192.168.1.1. Well, okay, but my device has no IP address. Then it hit me: OpenWrt is used for routers, so they probably don't expect DHCP or the like, which of course is what my router tried to apply to the new device in the network.

So I connected the device directly to the debug computer I had lying at the ready and voilà, the greeting page congratulated me on my achievement of getting OpenWrt installed on a Ubiquiti UniFi AC HD. What a journey.

The rest of the setup will be continued on another day though!

