When using the above to run a matrix server, it can be confusing how to verify and check which version of Postgres you are running. Fortunately this is really easy to check.
Run
sudo matrix-postgres-cli --version
And you should get the version of Postgres that is being used.
You will need a hash of the password to put into the database. We don’t cover that in this post. You could copy the password from a different user account or use a different UniFi instance to change the password and then check the DB to find the hash.
SSH into the UniFi Server
ssh unifiadmin@unifiserver
Connect to MongoDB
Connect to Mongo by typing in the following.
mongo -port 27117
Then select the ace database by typing
use ace
Find user ObjectId
The admins are in the admin collection/table. Use the following command to list all the users and their name, email, and password hash.
The following looks complex. Fortunately though you should be able to copy and paste. You should only need to change the – ObjectId to your User Id – Password Hash to your password hash
Manually adding the UniFi Protect self signed certificate can be helpful if you are accessing the controller over the local network. It has the benefit of letting your browser remember the password if wanted and not having to verify the certificate.
First we need to acquire the certificate.
Acquire UniFi Protect Certificate
In a Chrome based web browser, go to the IP address of the UniFi Protect NVR
Click in the URL bar where is says “Not secure” -> Certificate -> Details -> Copy to file
Follow the export Wizard. You can use the default settings.
Import Certificate
You can now import the certificate by double clicking on the cert.
Importing unifi.local cert
Note that it says to install the cert in the “Trusted Root Certification Authorities” store
Import unifi.local cert select Local MachineBrowse for Certificate StoreSelect Trusted Root Certification AuthoritiesImporting unifi.local to the Trusted Root Certification AuthoritiesConfirm unifi.local certificate import
Now we can move on to Configuring the hosts file.
Add unifi.local to system hosts file
We need to add an entry for unifi.local as the cert if for unifi.local hostname and not the controllers IP address.
We’ll essentially be following the same steps outlined in the following post.
Now we can extract the zip archive. You can do this on Windows, macOS, or Linux through the GUI or you can extract with
sudo unzip autobackup_6.2.33.zip -d unifi
This will extract all the files and folders to a directory named unifi.
cd unifi
Dump database to JSON
You should now see the db.gz file. This is a compressed archive of the database in BSON (Binary JSON) format. We can use the mongo-tools to convert this to a more human readable JSON format.
sudo apt install mongo-tools
Now we can extract the archive and pipe it through bsondump.
gunzip -c db.gz | bsondump
You can run it through grep to filter out what you need.
You can also dump the db to a json file with
bsondump --bsonFile=db --outFile=db.json
More notes on the decrypt script.
The decrypt script is really simple. It looks like it uses a key to decrypt the UniFi backup and then puts all the contents into a zip file. There is also an encryption script. Theoretically you can decrypt, make changes to the config and then reencrypt and restore to a server.
By default the passwords are “encrypted” so you can not tell what the password is.
No way to view cnPilot WiFi password in the Web UI
We covered decrypting the passwords from the config file from cambium cloud. But what about a local router that is not connected to the cloud. What then?
Thankfully everything you need is on the router. We’ll need to use the command line tools.
Now we can decrypt the password. Replace the string at the end with the encrypted string
3des_hex -d c760ba8ffe65c669
It should now display the decrypted password
# 3des_hex -d c760ba8ffe65c669
12345678#
Note that it puts the # symbol after the password and if you try to type something in, it clears the line. you can use the following to have cleaner output.
So if I want to continuously ping a website, say incredigeek.com, I can put in the following
ping -n 0 incredigeek.com
Hit return and we are off to the races. But wait. I can’t get it to stop. Ctrl + C, doesn’t do anything, Ctrl + D or Ctrl +Z don’t help either.
Okay well fine. We’ll launch another terminal and ssh into it again and see what we can do. Excellent, now we are in aaand… wait… why are the ping results showing up here too? Help!!!
Buried in the heart of the helpful help command are these lines.
ping -- Send ICMP ECHO_REQUEST packets to network hosts
pingend -- End ICMP ECHO_REQUEST packets to network hosts
You don’t say. Well lets try typing in pingend with all the commotion going on in the terminal.
SSH+> pingend
Ping statistics for 142.250.191.206:
Packets: Sent = 3, Received = 3, Lost = 0 (0% loss)
Well good to know. Saves having to reboot the device.
That should be everything that you need. Send a test email to an external email account to verify that it works.
Note that it looks like sending an email locally to email addresses on the same domain or to yourself bypass the filter and do not get the disclaimer added.
The following links were helpful for getting this set up.