SSH key-based authentication for local system users

To secure user access to the Citrix ADC appliance, you can use the SSH server's public key authentication. SSH key-based authentication is preferred over traditional user name and password authentication for the following reasons:

  • Provides better cryptographic strength than user passwords.
  • Eliminates the need to remember complicated passwords and prevents the shoulder-surfing attacks that are possible when passwords are used.
  • Provides a password-less login that makes automation scenarios more secure.

Citrix ADC supports SSH key-based authentication using a public and private key pair. SSH key-based authentication in Citrix ADC can be enabled either for a specific user or for all local users.

Note

The feature is supported only for Citrix ADC local users and is not supported for external users.

SSH key-based authentication for local system users

In a Citrix ADC appliance, an administrator can set up SSH key-based authentication for secure system access. When a user logs on to the Citrix ADC using a private key, the system authenticates the user using the public key configured on the appliance.

Configure SSH key-based authentication for the Citrix ADC local system users by using CLI

The following steps configure key-based authentication for Citrix ADC local system users.

  1. Log on to a Citrix ADC appliance using administrator credentials.
  2. By default, the sshd_config file points to this path: AuthorizedKeysFile /nsconfig/ssh/authorized_keys.
  3. Append the public key to the authorized_keys file: /nsconfig/ssh/authorized_keys. The file path for sshd_config is /etc/sshd_config.
  4. Copy the sshd_config file into /nsconfig to ensure that the changes persist even after restarting the appliance.
  5. Use the following command to restart the sshd process:
    kill -HUP `cat /var/run/sshd.pid`

Note

If the authorized_keys file is not available, you must first create one and then append the public key. Make sure that the authorized_keys file has the following permission:

    root@Citrix ADC# chmod 0644 authorized_keys

    > shell
    Copyright (c) 1992-2013 The FreeBSD Project.
    Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
    The Regents of the University of California. All rights reserved.
    root@ns# cd /nsconfig/ssh
    root@ns# vi authorized_keys
    ### Add public keys in authorized_keys file
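
The append step and the file-creation note above, written as a re-runnable shell helper (an added example, not code from the Citrix documentation). The function name `add_authorized_key`, the accepted key types, and the sample key are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: add_authorized_key is a hypothetical helper, not a Citrix ADC command.
# Usage: add_authorized_key <public_key_file> [authorized_keys_path]
add_authorized_key() {
    pub=$1
    auth=${2:-/nsconfig/ssh/authorized_keys}   # default path from the steps above

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # A private key never belongs in authorized_keys; reject it outright.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub holds a private key" >&2; return 1
    fi

    # A .pub file carries exactly one line: "<type> <base64 blob> [comment]".
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected one key line" >&2; return 1; }
    line=$(grep . "$pub")
    ktype=$(printf '%s\n' "$line" | awk '{print $1}')
    blob=$(printf '%s\n' "$line" | awk '{print $2}')
    case $ktype in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp*) ;;   # accepted types are an assumption
        *) echo "unsupported key type: $ktype" >&2; return 1 ;;
    esac
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) echo "malformed key blob" >&2; return 1 ;;
    esac

    # Create the file if it is not available, as the note above requires.
    mkdir -p "$(dirname "$auth")" || return 1
    [ -e "$auth" ] || : > "$auth" || return 1

    # Append only if this key is not already present (safe to re-run).
    if ! grep -qF -- "$blob" "$auth"; then
        # Keep the new key on its own line if the file lacks a final newline.
        if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then echo >> "$auth"; fi
        printf '%s\n' "$line" >> "$auth" || return 1
    fi
    chmod 0644 "$auth"
}

# Demo on constructed input in a scratch directory (the key below is not a real key).
demo=$(mktemp -d)
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYEXAMPLEKEYEXAMPLEKEY admin@example' > "$demo/id.pub"
add_authorized_key "$demo/id.pub" "$demo/ssh/authorized_keys"
add_authorized_key "$demo/id.pub" "$demo/ssh/authorized_keys"   # second run adds nothing
grep -c . "$demo/ssh/authorized_keys"
rm -rf "$demo"
```

On the appliance, calling the helper with only the public key file uses the default path; restart sshd afterwards as in step 5.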

User-specific SSH key-based authentication for local system users

In a Citrix ADC appliance, an administrator can now set up user-specific SSH key-based authentication for secure system access. The administrator must first configure the AuthorizedKeysFile option in the sshd_config file and then add the public key to the authorized_keys file for a system user.

Note

If the authorized_keys file is not available for a user, the administrator must first create one and then add the public key to it.

Configure user-specific SSH key-based authentication by using the CLI

The following procedure configures user-specific SSH key-based authentication for Citrix ADC local system users.

  1. Log on to a Citrix ADC appliance using administrator credentials.
  2. At the shell prompt, access the sshd_config file and add the following configuration line:

    AuthorizedKeysFile ~/.ssh/authorized_keys

    Note

    The ~ represents the user's home directory, so it expands to a different path for each user.

  3. Change the directory to the system user folder and add the public keys to the authorized_keys file.

    /var/pubkey/<username>/.ssh/authorized_keys

After you have completed the preceding steps, restart the sshd process on your appliance with the following command:

    kill -HUP `cat /var/run/sshd.pid`


Note

If the authorized_keys file is not available, you must first create one and then add the public key.

    > shell
    Copyright (c) 1992-2013 The FreeBSD Project.
    Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
    The Regents of the University of California. All rights reserved.
    root@ns# cd /var/pubkey/<username>/
    root@ns# ls
    .ssh
    root@ns# cd .ssh
    root@ns# vi authorized_keys
    ### Add public keys in authorized_keys file

Also, read Citrix article CTX109011 to learn how secure SSH access to the Citrix ADC appliance works.
