Managing Ubiquiti UniFi from the Desktop
The source material this page replaces covers Winbox, MikroTik’s proprietary management GUI. This network runs Ubiquiti UniFi at all three sites, so Winbox has no relevance here. The UniFi management story is quite different: a web-based interface that works in any browser, SSH access for advanced operations, and a set of command line tools for scripting and automation.
The UniFi web interface
The primary management interface for all three routers is the UniFi Network application, accessible via a web browser. Each router runs its own local instance:
| Site | Router | Web UI |
|---|---|---|
| Burnage Mad House | Prevernal | https://10.1.0.1 |
| Fallowfield Asylum | Vernal | https://10.2.0.1 |
| The Lighthouse | Estival | https://10.3.0.1 |
Access these from the Kubuntu desktop via Brave. Because these addresses are on internal subnets, you need to either be physically on the network or connected via WireGuard VPN to reach them.
The routers use TLS with certificates signed by your internal CA. Once the CA certificate is added to the system trust store (covered in the certificates section), the browser shows a valid certificate rather than a warning.
UniFi Site Manager
For managing all three routers from a single pane rather than logging into each separately:
https://unifi.ui.com
UniFi Site Manager is Ubiquiti’s cloud management portal. It provides a unified view of all sites associated with your Ubiquiti account, including device health, alerts, and the ability to open a remote management session to each router without being on the local network.
The trade-off is that it routes management traffic through Ubiquiti’s cloud infrastructure. For local network management, the direct IP addresses above are preferable.
SSH access
SSH provides direct access to the UniFi OS shell for advanced operations, diagnostics, and recovery scenarios. Use it for tasks the web UI does not expose.
Enabling SSH
SSH is not enabled by default on UniFi Consoles (the router itself). Enable it via the web UI:
Settings > System > Advanced > SSH
Set a strong SSH password. The username for UniFi gateways is root.
The SSH credentials set here are separate from your UniFi account password. Store them in KeePassXC.
SSH configuration for the three routers
Add entries to ~/.ssh/config for convenient access:
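```
# StrictHostKeyChecking yes: ssh refuses to connect unless the router's host key
# is already in ~/.ssh/known_hosts, and never adds or replaces a key on its own.
Host prevernal
    Hostname 10.1.0.1
    User root
    Port 22
    IdentityFile ~/.ssh/id_ed25519
    StrictHostKeyChecking yes

Host vernal
    Hostname 10.2.0.1
    User root
    Port 22
    IdentityFile ~/.ssh/id_ed25519
    StrictHostKeyChecking yes

Host estival
    Hostname 10.3.0.1
    User root
    Port 22
    IdentityFile ~/.ssh/id_ed25519
    StrictHostKeyChecking yes
```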
Connect to any router by name:
```bash
ssh prevernal
ssh vernal
ssh estival
```
Adding your SSH public key
Add your desktop’s public SSH key to each router to avoid password authentication. After enabling SSH, copy your key via the web UI under Settings > System > Advanced > SSH Keys, or paste it directly via the console.
Alternatively, once you have password access:
```bash
ssh-copy-id -i ~/.ssh/id_ed25519.pub root@10.1.0.1
```
Useful SSH commands
UniFi OS is Linux-based. Standard Linux commands work alongside UniFi-specific tools.
System information
```bash
# Show device model, firmware version, and uptime
ubnt-device-info summary

# Show system resource usage
top

# Show disk usage
df -h

# Show running processes
ps aux

# Show network interfaces
ip address show

# Show routing table
ip route show
```
Network diagnostics from the router
Running diagnostics from the router itself gives a different perspective than running them from the desktop, showing what the router sees rather than what the desktop sees:
```bash
# Ping across the inter-site VPN
ping 10.2.0.1
ping 10.3.0.1

# DNS resolution from the router
nslookup server.yourdomain.net

# Trace route to external destination
traceroute 8.8.8.8

# Check WireGuard tunnel status
wg show
```
WireGuard management
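```bash
# Show WireGuard interface status and peer information
wg show

# Show detailed WireGuard stats including traffic counters
# (the dump also prints the interface private key and any preshared keys,
# so do not paste or log its raw output)
wg show all dump

# Check WireGuard service status
systemctl status wg-quick@wg0
```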
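
An added example (not from the original page): a filter for `wg show all dump` that reports peers whose latest handshake is missing or older than a threshold, without echoing the private or preshared keys the dump contains. The function names, the 180-second threshold and the sample rows are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: flag WireGuard peers with stale or missing handshakes.
# Input is `wg show all dump` text on stdin, tab-separated.
# Peer rows have 9 fields:
#   iface, peer-pubkey, preshared-key, endpoint, allowed-ips,
#   latest-handshake (epoch seconds, 0 = never), rx, tx, keepalive
# Interface rows have 5 fields and carry the private key; they are skipped,
# and only an 8-character public-key prefix is ever printed.

# stale_peers NOW MAX_AGE  -> one line per unhealthy peer
stale_peers() {
    awk -F'\t' -v now="$1" -v max="$2" '
        NF == 9 {
            age = now - $6
            if ($6 == 0)
                printf "%s %s never\n", $1, substr($2, 1, 8)
            else if (age > max)
                printf "%s %s stale %ds\n", $1, substr($2, 1, 8), age
        }'
}

# Constructed sample (placeholder keys and documentation-range endpoints):
# one interface row followed by three peer rows.
sample_dump() {
    printf 'wg0\tPRIVATEKEY-PLACEHOLDER\tPUBKEY-LOCAL\t51820\toff\n'
    printf 'wg0\tAAAAAAAAvernal=\t(none)\t203.0.113.2:51820\t10.2.0.0/16\t999950\t1024\t2048\t25\n'
    printf 'wg0\tBBBBBBBBestival=\t(none)\t203.0.113.3:51820\t10.3.0.0/16\t999000\t512\t512\t25\n'
    printf 'wg0\tCCCCCCCClaptop=\t(none)\t(none)\t10.1.9.2/32\t0\t0\t0\toff\n'
}

# Demo against the constructed sample, with "now" fixed at 1000000.
# On a router the input would instead be:
#   wg show all dump | stale_peers "$(date +%s)" 180
sample_dump | stale_peers 1000000 180
```

Run from the desktop, the same filter can sit on the receiving end of `ssh prevernal 'wg show all dump'`, though that sends the raw dump, keys included, across the SSH session; running the filter on the router keeps the keys there.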
Log access
```bash
# View system log
journalctl -f

# View UniFi Network application log
cat /var/log/unifi/server.log

# View firewall log
journalctl -u nftables -f

# View DHCP log
journalctl -u dnsmasq -f
```
Device management
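```bash
# Reboot the router
reboot

# Show adopted device list
ubnt-tools all

# Force a device to re-adopt by pointing it at the controller's inform URL
# (run on the device being adopted, not on the router)
set-inform http://10.1.0.1:8080/inform

# Check firmware version
cat /etc/version
```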
The UniFi Network application from the desktop
The UniFi Network application can also run as a self-hosted server on a Linux machine, separate from the routers themselves. Running it on the homelab server (February, once built) means the network controller is always available without logging into an individual router.
Install the self-hosted controller on the homelab server:
```bash
# Add the Ubiquiti repository (run on the homelab server, not the desktop)
echo 'deb [ arch=amd64,arm64 ] https://www.ui.com/downloads/unifi/debian stable ubiquiti' | \
    sudo tee /etc/apt/sources.list.d/100-ubnt-unifi.list

# Fetch the repository signing key
# (apt trusts keys in /etc/apt/trusted.gpg.d for every configured repository)
sudo wget -O /etc/apt/trusted.gpg.d/unifi-repo.gpg \
    https://dl.ui.com/unifi/unifi-repo.gpg

sudo apt update
sudo apt install unifi
```
Once running on the homelab server, access it from the desktop at:
https://server.yourdomain.net:8443
This provides a persistent management interface that works even when you are not on the local network of any specific site.
Monitoring from the desktop
Quick status check via SSH
A simple script to check the status of all three routers:
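```bash
#!/usr/bin/env bash
# ~/.local/bin/unifi-status
# Quick health check across all three sites

for router in prevernal vernal estival; do
    echo "=== $router ==="
    ssh -o ConnectTimeout=5 "$router" \
        'echo "Uptime: $(uptime -p)"; echo "Load: $(cat /proc/loadavg | cut -d" " -f1-3)"; wg show | grep -E "peer:|latest handshake:"' 2>/dev/null
    status=$?
    # ssh itself exits 255 when it cannot connect or authenticate; any other
    # non-zero status comes from the remote command (grep returns 1 when no
    # WireGuard peers are listed) and is not a connection failure
    if [ "$status" -eq 255 ]; then
        echo "Connection failed"
    fi
    echo
done
```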
Make it executable and run it from anywhere:
```bash
chmod +x ~/.local/bin/unifi-status
unifi-status
```
Alert notifications
The UniFi Network application sends email alerts for network events: device offline, high CPU usage, rogue AP detected, and similar. Configure the notification email in the web UI under Settings > Notifications.
Point it at your self-hosted mail server, which delivers alerts to your inbox alongside everything else. For critical alerts, configure a separate notification via the homelab monitoring setup.
Backup and restore
Automated backups
The UniFi Network application backs up its configuration automatically. Verify the backup schedule and location in Settings > System > Backups. The backup file contains the full network configuration including all VLANs, firewall rules, WireGuard configuration, and device settings.
Copy backups off the router to the homelab NAS:
```bash
# From the desktop, pull the latest backup from Prevernal
rsync -avz root@10.1.0.1:/data/autobackup/ \
    /media/${USER}/NAS/Backups/UniFi/prevernal/
```
Add this to the anacron weekly jobs:
```bash
cat > ~/.anacron/cron.weekly/unifi-backup << 'EOF'
#!/usr/bin/env bash
# Pull UniFi configuration backups from all three routers

# USER is not always set when a job runs from cron or anacron
user="${USER:-$(id -un)}"

for router in prevernal vernal estival; do
    # The router name is resolved to its address through ~/.ssh/config
    rsync -avz --quiet "root@${router}:/data/autobackup/" \
        "/media/${user}/NAS/Backups/UniFi/${router}/" 2>/dev/null \
        || echo "Backup failed for $router"
done
EOF
chmod 0755 ~/.anacron/cron.weekly/unifi-backup
```
Manual backup
To export a manual backup from the web UI: Settings > System > Backups > Download Backup. Store the resulting .unf file in the NAS backup directory alongside the automated copies.
SSH security note
SSH port 22 should never be exposed to the internet. Restrict access to your admin IP address using firewall rules, and use the WireGuard VPN for remote access rather than opening SSH to the public internet. The SSH configuration in this series accesses the routers only via the internal network or through the WireGuard tunnel, never directly from the internet.
The UniFi web interface handles the vast majority of configuration tasks. SSH is a troubleshooting and automation tool, not the primary management interface. Ubiquiti’s own guidance is to avoid using SSH unless necessary for advanced troubleshooting, since manual changes can be overwritten by the controller. Keep that in mind before making changes at the command line.