Citrix ADC 13.0

SSH key-based authentication for local system users

To secure user access to a Citrix ADC appliance, you can use the public key authentication of the Secure Shell (SSH) server. SSH key-based authentication is preferred over traditional user name or password based authentication for the following reasons:

  • Provides better cryptographic strength than user passwords.
  • Eliminates the need to remember complicated passwords and prevents shoulder-surfing attacks, which are possible when passwords are used.
  • Provides a password-less login, which makes automation scenarios more secure.

Citrix ADC supports SSH key-based authentication by applying the public and private key concept. The SSH key-based authentication in Citrix ADC can be enabled either for a specific user or for all local users.

Note:

The feature is supported only for Citrix ADC local users and not supported for external users.

SSH key-based authentication for local system users

In a Citrix ADC appliance, an administrator can set up SSH key-based authentication for secure system access. When a user logs on to the Citrix ADC using a private key, the system authenticates the user using the public key configured on the appliance.

Configure SSH key-based authentication for the Citrix ADC local system users by using CLI

Follow the steps below to configure key-based authentication for the Citrix ADC local system users.

  1. Log on to a Citrix ADC appliance using administrator credentials.
  2. By default your sshd_config file accesses this path: AuthorizedKeysFile /nsconfig/ssh/authorized_keys.
  3. Append the public key to the authorized_keys file: /nsconfig/ssh/authorized_keys. The file path for sshd_config is /etc/sshd_config.
  4. You must copy the sshd_config file into /nsconfig to restart the sshd process in your appliance.
  5. Use the following command to restart the sshd process on your appliance.

kill -HUP $(cat /var/run/sshd.pid)

Note:

If the authorized_keys file is not available, you must first create one and then append the public key. Make sure the authorized_keys file has the following permission.

root@Citrix ADC# chmod 0644 authorized_keys

> shell
Copyright (c) 1992-2013 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
root@ns# cd /nsconfig/ssh
root@ns# vi authorized_keys
### Add public keys in authorized_keys file

User-specific SSH key-based authentication for local system users

In a Citrix ADC appliance, an administrator can now set up user-specific SSH key-based authentication for secure system access. To do this, the administrator must first configure the AuthorizedKeysFile option in the sshd_config file and then add the public key to the authorized_keys file for a system user.

Note:

If the authorized_keys file is not available for a user, the administrator must first create one and then add the public key to it.

Configure user-specific SSH key-based authentication by using CLI

Follow the procedure below to configure user-specific SSH key-based authentication for Citrix ADC local system users.

  1. Log on to a Citrix ADC appliance using administrator credentials.
  2. At the shell prompt, access the sshd_config file and add the following configuration line: AuthorizedKeysFile ~/.ssh/authorized_keys
  3. Change the directory to the system user folder and add the public keys in the authorized_keys file.

/var/pubkey/<username>/.ssh/authorized_keys

Once you have completed the above steps, restart the sshd process on your appliance.

Note:

If the authorized_keys file is not available, you must first create one and then add the public key.

> shell
Copyright (c) 1992-2013 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
root@ns# cd /var/pubkey/<username>/
root@ns# ls
.ssh
root@ns# cd .ssh
root@ns# vi authorized_keys
### Add public keys in authorized_keys file
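
The key installation step above can also be scripted. The following is an added example, not Citrix code: it validates a public key file, creates authorized_keys if it is missing, appends the key only once, and sets mode 0644. The function name add_user_key, its BASE parameter, and the key-type allow-list are assumptions of this example; it does not edit sshd_config or restart sshd.

```shell
#!/bin/sh
# Added example, not Citrix code. Installs one public key for a local user.
# Usage on the appliance: add_user_key /var/pubkey <username> /path/to/key.pub
# BASE is a parameter so the function can be tried on a scratch directory.
add_user_key() {
    base=$1 user=$2 keyfile=$3
    # Refuse user names that would escape BASE.
    case $user in
        ''|*/*|.|..) echo "invalid user name" >&2; return 2 ;;
    esac
    [ -r "$keyfile" ] || { echo "cannot read $keyfile" >&2; return 2; }
    # First non-blank, non-comment line is taken as the key.
    key=$(grep -v -e '^[[:space:]]*$' -e '^#' "$keyfile" | head -n 1)
    # Accept only "<type> <base64> [comment]". This rejects private key
    # files and option-prefixed lines. The type allow-list is an assumption
    # of this example, not a list taken from the page.
    if ! printf '%s\n' "$key" | grep -Eq \
        '^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,2}( .*)?$'
    then
        echo "not a single-line OpenSSH public key: $keyfile" >&2
        return 3
    fi
    dir=$base/$user/.ssh
    auth=$dir/authorized_keys
    mkdir -p "$dir" || return 1
    # Create the file first if it is not available, as the Note says.
    [ -f "$auth" ] || : > "$auth" || return 1
    # Compare on "<type> <base64>" so a changed comment is not a new key.
    blob=$(printf '%s\n' "$key" | cut -d' ' -f1,2)
    if cut -d' ' -f1,2 "$auth" | grep -Fxq -- "$blob"; then
        echo "key already present for $user"
    else
        printf '%s\n' "$key" >> "$auth" || return 1
    fi
    # Mode the page gives for authorized_keys: writable by the owner only.
    chmod 0644 "$auth"
}
```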

Also, read Citrix article CTX109011 to learn how secure SSH access to a Citrix ADC appliance works.
