Citrix ADC

SSH Key-based authentication for Citrix ADC administrators

SSH key-based authentication is preferred over traditional username/password type authentication for the following reasons:

  • Provides better cryptographic strength than user passwords.
  • Eliminates the need to remember complicated passwords and prevents the shoulder-surfing attacks that are possible when passwords are used.
  • Provides a password-less login that makes automation scenarios more secure.

Citrix ADC supports SSH key-based authentication by using a public and private key pair. SSH key-based authentication in Citrix ADC can be enabled either at a user-specific level for individual Citrix ADC local users or for all Citrix ADC local users in common.

Note

This is supported only for Citrix ADC local users and not supported for external users.

Configuring SSH key-based authentication for local system users

In a Citrix ADC appliance, an administrator can set up SSH key-based authentication for secure system access. When a user logs on to a Citrix ADC appliance using a private key, the system authenticates the user against the public key configured on the appliance.

To configure SSH key-based authentication for Citrix ADC local system users by using the CLI

The following configuration helps you to configure key-based authentication for Citrix ADC local system users.

  1. Log on to a Citrix ADC appliance using administrator credentials.
  2. By default, your sshd_config file uses this path: AuthorizedKeysFile /nsconfig/ssh/authorized_keys.
  3. Append the public key to the authorized_keys file: /nsconfig/ssh/authorized_keys. The file path for sshd_config is /etc/sshd_config.
  4. You must copy the sshd_config file into /nsconfig to ensure that the changes persist even after restarting the appliance.
  5. You can use the following command to restart your sshd process.

kill -HUP `cat /var/run/sshd.pid`

Configuring user-specific SSH key-based authentication for local system users

In a Citrix ADC appliance, an administrator can now set up user-specific key-based authentication for secure system access. The administrator must first configure the AuthorizedKeysFile option in the sshd_config file and then add the public key to the authorized_keys file for a system user.

Note

If the authorized_keys file is not available for a user, the administrator must first create one and then add the public key to it.  

To configure user-specific SSH key-based authentication by using the CLI

The following procedure helps you to configure user-specific SSH key-based authentication for Citrix ADC local system users.

  1. Log on to a Citrix ADC appliance using administrator credentials.
  2. At the shell prompt, access the sshd_config file and add the following configuration line: 

    AuthorizedKeysFile ~/.ssh/authorized_keys

  3. Change the directory to a system user folder and add the public keys in the authorized_keys file.

/var/pubkey/<username>/.ssh/authorized_keys

Once you have completed the earlier steps, restart the sshd process on your appliance.

kill -HUP `cat /var/run/sshd.pid`

Note

If the authorized_keys file is not available, you must first create one and then add the public key.

    > shell
    Copyright (c) 1992-2013 The FreeBSD Project.
    Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
    The Regents of the University of California. All rights reserved.
    root@ns# cd /var/pubkey/<username>/
    root@ns# ls
    .ssh
    root@ns# cd .ssh
    root@ns# vi authorized_keys
    ### Add public keys in authorized_keys file
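
The user-specific procedure above can also be scripted instead of editing the file by hand in vi. The following shell function is an added example, not part of the Citrix documentation: it checks that the input is a single public key line, creates the .ssh directory and authorized_keys file with owner-only permissions, and appends the key only if it is not already present. The function name install_pubkey and its three arguments are assumptions made for this example; on the appliance the base directory would be /var/pubkey.

```shell
#!/bin/sh
# Added example (not Citrix code): idempotently install one public key for a
# local system user under the per-user layout described above.
# Usage: install_pubkey <base_dir> <username> <pubkey_file>
#   base_dir is /var/pubkey on the appliance; it is a parameter so the
#   function can be exercised against a scratch directory first.
install_pubkey() {
    base=$1 user=$2 keyfile=$3

    # Refuse empty names and anything that could escape base_dir.
    case $user in
        ''|.|..|*/*) echo "invalid username" >&2; return 2 ;;
    esac

    # Accept exactly one line of the form "<type> <base64> [comment]".
    # Lines that start with options (command=, from=, ...) are rejected here
    # so that restrictions are added deliberately, not pasted in by accident.
    # A private key pasted by mistake never matches this pattern either.
    [ -r "$keyfile" ] || { echo "cannot read $keyfile" >&2; return 3; }
    [ "$(grep -c '' "$keyfile")" -eq 1 ] || { echo "expected one key line" >&2; return 3; }
    key=$(cat "$keyfile")
    printf '%s\n' "$key" | grep -Eq \
        '^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,3}( .*)?$' \
        || { echo "not an OpenSSH public key line" >&2; return 3; }

    sshdir=$base/$user/.ssh
    auth=$sshdir/authorized_keys

    # sshd's StrictModes check ignores key files that other users can write,
    # so create the directory and file with owner-only permissions.
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 4
    [ -e "$auth" ] || ( umask 077 && : > "$auth" ) || return 4
    chmod 600 "$auth" || return 4

    # Append only if the exact line is not already present.
    if grep -qxF -- "$key" "$auth"; then
        echo "key already present in $auth"
        return 0
    fi
    printf '%s\n' "$key" >> "$auth" || return 4
    echo "key added to $auth"
}
```

After the key is in place, restart the sshd process as described in the procedure so that any sshd_config change takes effect.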
