Product Documentation

Accessing an Appliance by Using SSH Keys and No Password

Apr 16, 2013

In a setup where you have a large number of appliances in a network, you need to store and look up passwords for each appliance before you can log on to the appliance. You can set up Secure Shell (SSH) access with public key encryption on the appliances so that you are not prompted for the password. To do this, generate the public/private key on the Linux client and then copy the public key to the appliance.

To generate the public/private key on a Linux client

  1. Change the directory to /root/.ssh.
  2. Generate the public and private key pair. At the command prompt, type [root@localhost .ssh]# ssh-keygen -t rsa
  3. Press Enter when prompted for a file name to save the key.
  4. Press Enter when prompted for a passphrase.

To copy the public key (id_rsa.pub) to the remote appliance

  1. Log on to the remote appliance from the Linux client.
  2. Change the directory to /nsconfig/ssh. At the command prompt, type: cd /nsconfig/ssh
  3. Change to binary mode and copy the public key to this directory. At the command prompt, type:
    bin 
    put id_rsa.pub

To set up SSH access with public key encryption on the appliance

  1. Open a connection to the appliance using a telnet/SSH client, such as PuTTY.
  2. Log on to the appliance using the administrator credentials.
  3. At the shell prompt, change the directory to /nsconfig/ssh.
  4. Append the public key to the authorized_keys file and change permissions. At the command prompt, type:
    cat id_rsa.pub >> authorized_keys 
    chmod 755 authorized_keys
  5. Remove the public key (optional). At the command prompt, type rm id_rsa.pub
  6. At the prompt type the following command to complete the configuration:
    • cp authorized_keys /root/.ssh/authorized_keys2
  7. Change the directory to /nsconfig. At the prompt type:

    cd /nsconfig

  8. To prevent your changes from being lost if the appliance is restarted, add the following line to the rc.netscaler file:
    • cp /nsconfig/ssh/authorized_keys /root/.ssh/authorized_keys2
    Important: If the /nsconfig directory does not contain a rc.netscaler file, you must create one.

To verify SSH access with public key encryption on the appliance

On the Linux client, verify that you can connect to the remote appliance using SSH, without entering the password.

At the prompt, type:

ssh nsroot@<NSIPaddress>

You should not receive a prompt for a password.

Example

ssh nsroot@10.102.96.50