
SSH Key-based authentication for Citrix ADC administrators

SSH key-based authentication is preferred over traditional username/password authentication for the following reasons:

  • It provides better cryptographic strength than user passwords.
  • It eliminates the need to remember complicated passwords and prevents the shoulder-surfing attacks that are possible when passwords are used.
  • It provides a password-less login, which makes automation scenarios more secure.

Citrix ADC supports SSH key-based authentication using a public and private key pair. SSH key-based authentication in Citrix ADC can be enabled either at a user-specific level for Citrix ADC local users or in common for Citrix ADC local users.

Note: This is currently supported only for Citrix ADC local users and not supported for external users.

Configuring SSH key-based authentication for local system users

In a Citrix ADC appliance, an administrator can set up SSH key-based authentication for secure system access. When a user logs in to Citrix ADC using a private key, the system authenticates the user against the public key configured on the appliance.

To configure SSH key-based authentication for Citrix ADC local system users by using the command line interface

Follow the steps below to configure key-based authentication for Citrix ADC local system users.

  1. Log on to a Citrix ADC appliance using administrator credentials.
  2. By default, the sshd_config file points to this path: AuthorizedKeysFile /nsconfig/ssh/authorized_keys
  3. Append the public key to the authorized_keys file.

               /nsconfig/ssh/authorized_keys

Once you have completed the configuration, restart the sshd process on your appliance.

Note

If the authorized_keys file is not available, you must first create one and then append the public key. Make sure the authorized_keys file has the following permission.

    root@Citrix ADC# chmod 0644 authorized_keys

    > shell
    Copyright (c) 1992-2013 The FreeBSD Project.
    Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
              The Regents of the University of California. All rights reserved.
    root@ns# cd /nsconfig/ssh
    root@ns# vi authorized_keys
              ### Add public keys in authorized_keys file

Configuring user-specific SSH key-based authentication for local system users

In a Citrix ADC appliance, an administrator can now set up user-specific key-based authentication for secure system access. To do this, the administrator must first configure the AuthorizedKeysFile option in the sshd_config file and then add the public key to the authorized_keys file for a system user.

Note

If the authorized_keys file is not available for a user, the administrator must first create one and then add the public key to it.  

To configure user-specific SSH key-based authentication by using the command line interface

Follow the procedure below to configure user-specific SSH key-based authentication for Citrix ADC local system users.

  1. Log on to a Citrix ADC appliance using administrator credentials.
  2. At the shell prompt, access the sshd_config file and add the following configuration line: AuthorizedKeysFile ~/.ssh/authorized_keys
  3. Change directory to the system user folder and add the public keys to the authorized_keys file.

  /var/pubkey/<username>/.ssh/authorized_keys

Once you have completed the above steps, restart the sshd process on your appliance.

Note

If the authorized_keys file is not available, you must first create one and then add the public key.

    > shell
    Copyright (c) 1992-2013 The FreeBSD Project.
    Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
              The Regents of the University of California. All rights reserved.
    root@ns# cd /var/pubkey/<username>/
    root@ns# ls
    .ssh
    root@ns# cd .ssh
    root@ns# vi authorized_keys
              ### Add public keys in authorized_keys file
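
The shell function below is an added example, not part of the Citrix documentation. It covers the "add the public key" step of both procedures above without hand-editing in vi: it creates the authorized_keys file if it is missing, rejects private keys and malformed entries, appends a key only once, and sets the 0644 permission. The names add_authorized_key and file_mode are hypothetical, and applying 0644 to the per-user file as well is an assumption.

```shell
#!/bin/sh
# Added example: install one SSH public key into an authorized_keys file.
# add_authorized_key and file_mode are hypothetical helper names.

# Print the octal mode of a file (GNU stat first, then BSD stat).
file_mode() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# Usage: add_authorized_key <public-key-file> <authorized_keys-path>
# Returns 0 when the key is installed, non-zero on bad input.
add_authorized_key() {
    pub="$1"; target="$2"
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Refuse a private key so it is never copied to the appliance by mistake.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub is a private key, refusing" >&2; return 1
    fi
    # Expect exactly one non-empty line: "<type> <base64> [comment]".
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected one key line" >&2; return 1; }
    line=$(grep . "$pub")
    ktype=${line%% *}; rest=${line#* }; blob=${rest%% *}
    case "$ktype" in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "unsupported key type: $ktype" >&2; return 1 ;;
    esac
    case "$blob" in
        ''|*[!A-Za-z0-9+/=]*) echo "key data is not base64" >&2; return 1 ;;
    esac

    # Create the file first if it is not available, as the Note requires.
    mkdir -p "$(dirname "$target")" && touch "$target" || return 1
    # If the last existing entry has no trailing newline, add one so keys do not merge.
    [ -s "$target" ] && [ -n "$(tail -c 1 "$target")" ] && echo >> "$target"
    # Append only when this exact key blob is not already listed.
    grep -qF -- "$blob" "$target" || printf '%s\n' "$line" >> "$target"
    # Permission given in the documentation for authorized_keys.
    chmod 0644 "$target"
}
```

Call it with the public key file and the authorized_keys path of the procedure in use, then restart the sshd process as described above.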
