SSH Key-based authentication for NetScaler administrators

SSH key-based authentication is preferred over traditional username/password authentication for the following reasons:

  • Provides better cryptographic strength than user passwords.
  • Eliminates the need to remember complicated passwords and prevents the shoulder-surfing attacks that are possible when passwords are used.
  • Provides a password-less login that makes automation scenarios more secure.

NetScaler supports SSH key-based authentication by using public and private key pairs. SSH key-based authentication in NetScaler can be enabled either at a user-specific level for NetScaler local users or in common for NetScaler local users.

Note: This is currently supported only for NetScaler local users; it is not supported for external users.

Configuring SSH key-based authentication for local system users

In a NetScaler appliance, an administrator can set up SSH key-based authentication for secure system access. When a user logs in to NetScaler using a private key, the system authenticates the user against the public key configured on the appliance.

To configure SSH key-based authentication for NetScaler local system users by using the command line interface

Use the following steps to configure key-based authentication for NetScaler local system users.

  1. Log on to a NetScaler appliance using administrator credentials.
  2. By default, the sshd_config file specifies this path: AuthorizedKeysFile /nsconfig/ssh/authorized_keys
  3. Append the public key to the authorized_keys file.

               /nsconfig/ssh/authorized_keys

Once you have configured the key, restart the sshd process on your appliance.

Note

If the authorized_keys file is not available, you must first create one and then append the public key. Make sure the authorized_keys file has the following permission.

root@NetScaler# chmod 0644 authorized_keys

    > shell

    Copyright (c) 1992-2013 The FreeBSD Project.

    Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994

              The Regents of the University of California. All rights reserved.

    root@ns# cd /nsconfig/ssh

    root@ns# vi authorized_keys

              ### Add public keys in authorized_keys file
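
The steps above as a shell function, added here as an example (not NetScaler or Citrix code): it creates authorized_keys if it is missing, sets mode 0644, and appends a public key only when that key is not already listed. The function name add_authorized_key and its optional second argument are assumptions for illustration; restarting sshd remains the separate step described above.

```shell
#!/bin/sh
# Added example, not vendor code. add_authorized_key is a hypothetical helper.
# Usage: add_authorized_key <public-key-file> [authorized_keys-path]
add_authorized_key() {
    pubkey_file=$1
    # Default is the AuthorizedKeysFile path given in the procedure above.
    auth_file=${2:-/nsconfig/ssh/authorized_keys}

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 2; }

    # First non-blank, non-comment line of the .pub file.
    key_line=$(grep -v -e '^[[:space:]]*$' -e '^#' "$pubkey_file" | head -n 1)

    # Accept only "type base64-blob [comment]"; this also rejects a private
    # key supplied by mistake (its first line starts with "-----BEGIN").
    case $key_line in
        ssh-rsa\ ?*|ssh-ed25519\ ?*|ecdsa-sha2-*\ ?*) ;;
        *) echo "not an OpenSSH public key: $pubkey_file" >&2; return 3 ;;
    esac
    key_type=${key_line%% *}
    rest=${key_line#* }
    key_blob=${rest%% *}

    # Create the file if it does not exist, then set the mode from the Note.
    [ -e "$auth_file" ] || touch "$auth_file" || return 4
    chmod 0644 "$auth_file" || return 4

    # Skip the append when the same type and blob are already listed,
    # including entries that carry an options prefix before the key type.
    if awk -v t="$key_type" -v b="$key_blob" \
        '{ for (i = 1; i < NF; i++) if ($i == t && $(i + 1) == b) f = 1 }
         END { exit !f }' "$auth_file"; then
        echo "key already present in $auth_file" >&2
        return 0
    fi

    # Keep one key per line even if the file lacks a trailing newline.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        printf '\n' >> "$auth_file"
    fi
    printf '%s\n' "$key_line" >> "$auth_file"
}
```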
