How to Create a Key Pair for NetScaler SSH Authentication by Using "ssh-keygen" Utility


Article ID: CTX109008


Description

This article contains information about creating a key pair for NetScaler secure shell (SSH) Public Key authentication by using the "ssh-keygen" utility.

Requirements

OpenSSH or equivalent

Background

The SSH utility supports a number of authentication mechanisms, such as password, keyboard-interactive, and public key. By default, passwords are used for authentication. Generating a key pair and using it to authenticate users significantly enhances security. This ensures that a user intending to attack the system would need access not only to the private key but also to the passphrase used to encrypt the key. It is also possible to create keys that are not protected with a passphrase, which some applications require, for example to enable automated scripted logon. In such cases, you must consider the security risks if the system has to receive a public key from an unauthorized user.


Instructions

To create a key pair for secure shell (SSH) Public Key authentication by using the ssh-keygen utility, complete the following procedure:
Note: Consider using a longer key, such as 2048 bit, for additional security.

  1. Run the following command:
    ssh-keygen -t rsa -C <e-mail>
    In the preceding command, the comment field (-C) is optional. However, you must provide an e-mail address to ensure that other administrators can identify the public key.

  2. Ensure that you enter a strong passphrase to protect the private key. You can log in without a passphrase, but this is not recommended for security reasons.

You must not share the private key. This key is used to authenticate to remote servers. Ensure that the key is protected from unauthorized access. The public key must be copied to the remote servers and appended to the ~/.ssh/authorized_keys file for UNIX hosts. If the key is used to authenticate to a NetScaler appliance, store the public key in the /nsconfig/ssh/authorized_keys file on the remote NetScaler appliance.

The following screenshot displays the results of the ssh-keygen command run from the shell prompt:

[Screenshot: results of the ssh-keygen command]
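An added example, not part of the original article and not Citrix code: a Python check that reads entries of the kind stored in ~/.ssh/authorized_keys or /nsconfig/ssh/authorized_keys and flags RSA keys shorter than 2048 bits and entries without an identifying comment. It assumes plain `ssh-rsa <base64> [comment]` lines with no leading options; the names `make_entry` and `audit_line` and the sample entries are constructed for illustration.

```python
import base64
import struct

MIN_RSA_BITS = 2048  # key length suggested in the article's note

def _field(data):
    """Encode one length-prefixed field of an SSH public key blob."""
    return struct.pack(">I", len(data)) + data

def _read_field(blob, offset):
    """Decode one length-prefixed field; return (value, next_offset)."""
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end

def make_entry(bits, comment=""):
    """Build a CONSTRUCTED entry; the modulus is a bit pattern, not a usable key."""
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    blob = _field(b"ssh-rsa") + _field(b"\x01\x00\x01") + _field(b"\x00" + n)
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}".strip()

def audit_line(line):
    """Return findings for one authorized_keys line (empty list = no findings)."""
    fields = line.strip().split(None, 2)
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        return ["skipped: not a plain ssh-rsa entry"]
    try:
        blob = base64.b64decode(fields[1], validate=True)
        name, off = _read_field(blob, 0)
        _exponent, off = _read_field(blob, off)
        modulus, off = _read_field(blob, off)
    except (ValueError, struct.error) as exc:
        return [f"malformed key: {exc}"]
    findings = []
    if name != b"ssh-rsa":
        findings.append("key type inside blob is not ssh-rsa")
    bits = int.from_bytes(modulus, "big").bit_length()
    if bits < MIN_RSA_BITS:
        findings.append(f"RSA modulus is {bits} bits, below {MIN_RSA_BITS}")
    if len(fields) < 3:
        findings.append("no comment, so the key owner cannot be identified")
    return findings

if __name__ == "__main__":
    for entry in (make_entry(2048, "admin@example.com"), make_entry(1024)):
        print(audit_line(entry))
```

To audit a real file, pass each non-empty, non-comment line of it to `audit_line`.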
