Users and passwords

SSH Public Key Access

By default, you can access an HAProxy ALOHA host by logging in with ssh and providing the credentials admin / admin.

As an alternative, you can configure SSH public key access. SSH public key access is more secure than regular password access, and it’s more convenient because you don’t have to enter a password each time.

Repeat these procedures for each HAProxy ALOHA in the pair.

Configuring the client

  1. If you do not already have an SSH key, create one with the ed25519 algorithm:

    ssh-keygen -t ed25519 -C "name@example.com"

    When prompted for a file and passphrase, accept the default values.

    To create an SSH key for user admin:

    ssh-keygen -t ed25519 -C "admin@example.com"

    Output:

    Generating public/private ed25519 key pair.
    Enter file in which to save the key (/home/admin/.ssh/id_ed25519):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/admin/.ssh/id_ed25519
    Your public key has been saved in /home/admin/.ssh/id_ed25519.pub
    The key fingerprint is:
    SHA256:1ZRgPRTwaUDAsC1dn1C7BZMh3rIBwSdsxqLk486FnCI admin@example.com
    The key's randomart image is:
    +--[ED25519 256]--+
    | .*++X*O= |
    | . .+O=.X=* |
    | o .o+oo= X.. |
    | + . . = o |
    | o + S . . |
    |E . = . |
    | . + . |
    | o |
    | |
    +----[SHA256]-----+
  2. Ensure the permissions are correct on your private key file.

    cd ~
    sudo chmod 600 .ssh/id_ed25519
  3. Upload your public key to the HAProxy ALOHA host.

    Caution

    Make sure you are uploading the public key file, id_ed25519.pub, not the private key file, id_ed25519. The private key file can give any user possessing it access to any host where you have access.

    For example, to upload the public key file to the HAProxy ALOHA host at IP address 192.168.0.100:

    scp .ssh/id_ed25519.pub admin@192.168.0.100:/tmp/

    Output:

    admin@192.168.0.100's password: ***
    id_ed25519.pub 100% 393 0.4KB/s 00:00

Configuring the HAProxy ALOHA host

To complete the configuration, perform the following steps on the HAProxy ALOHA host.

  1. Log in to the HAProxy ALOHA host.

    For example, to log in to the host at IP address 192.168.0.100:

    ssh admin@192.168.0.100

    Output:

    admin@192.168.0.100's password: ***
    admin@ALOHA1:~$
  2. Add the new key by concatenating it to the end of the authorized keys file, /etc/ssh/authorized_keys/admin:

    cat /tmp/id_ed25519.pub | sudo tee -a /etc/ssh/authorized_keys/admin
  3. Make the file readable by owner and group:

    sudo chmod 440 /etc/ssh/authorized_keys/admin
  4. Save the changes to make them persist after a reboot:

    sudo config save

You can now make an SSH connection to the load balancer, and you will not be prompted to enter a password.

To give other users access to the host, add their public keys in the same way.

Info

These procedures assume that the user name is admin. When adding different names, ensure the authorized key file name matches the user name.
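
The Caution in the client procedure and the append in step 2 can be enforced by a script. The following added example, which is not part of the HAProxy ALOHA documentation, rejects a private key file, appends a public key only once, and applies the 440 mode from step 3. The function names and the sample key material are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the ALOHA documentation). Run with sudo on the host
# when AUTHFILE is under /etc/ssh/authorized_keys/.

# is_public_key FILE: succeed only if FILE holds exactly one OpenSSH public key.
is_public_key() {
    [ -r "$1" ] || return 1
    # Private key files carry a "PRIVATE KEY" PEM header; never install those.
    if grep -q 'PRIVATE KEY' "$1"; then return 1; fi
    [ "$(grep -c . "$1")" -eq 1 ] || return 1
    grep -Eq '^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$' "$1"
}

# add_key PUBFILE AUTHFILE: append the key once, then set mode 440 (step 3).
# Returns 0 if the key is installed, 2 if PUBFILE was rejected.
add_key() {
    pub=$1
    auth=$2
    if ! is_public_key "$pub"; then
        echo "refusing $pub: not a single OpenSSH public key" >&2
        return 2
    fi
    key=$(grep . "$pub")
    # Match on type and key material so a changed comment is not a new entry.
    material=$(printf '%s\n' "$key" | awk '{ print $1 " " $2 }')
    if [ -f "$auth" ] && grep -qF -- "$material" "$auth"; then
        echo "key already present in $auth" >&2
    else
        if [ -f "$auth" ]; then chmod u+w "$auth"; fi
        printf '%s\n' "$key" >> "$auth" || return 1
    fi
    chmod 440 "$auth"
}

# Constructed sample files (the key material is a placeholder, not a real key).
make_samples() {
    printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedPlaceholder0000000000000000000000 admin@example.com' > "$1/id_ed25519.pub"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed-placeholder' \
        '-----END OPENSSH PRIVATE KEY-----' > "$1/id_ed25519"
}
```

On the host, the call for the admin user would be `add_key /tmp/id_ed25519.pub /etc/ssh/authorized_keys/admin`, followed by `sudo config save` as in step 4.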

Optional: Disable SSH password login

Optionally, you can disable the default password login behavior. With this configuration, users who have a public key on the HAProxy ALOHA host can log in without entering a password.

After verifying that SSH public key login works correctly, perform these steps on the HAProxy ALOHA host.

  1. In the File Manager on the Tools tab, navigate to /etc/ssh and click the sshd_config file to open it for editing.

  2. Change PasswordAuthentication to no:

    PasswordAuthentication no
  3. Click Save.

  4. On the Services tab, locate sshd and click Restart.

  5. On the Setup tab, go to the Configuration section and click Save.
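
Before restarting sshd, it helps to confirm what the edited file will actually enforce. The following added example, which is not part of the HAProxy ALOHA documentation, reads an sshd_config file and applies OpenSSH's first-value-wins rule and Match block overrides. The function names and the sample fragment are constructed for illustration; it assumes awk is available and does not follow Include directives.

```sh
#!/bin/sh
# Added example (not from the ALOHA documentation): report what sshd will apply
# for PasswordAuthentication. Include directives are not followed (assumption).

# effective_password_auth FILE: print the global value, "yes" or "no".
# sshd uses the first value it finds for a keyword, so a later
# "PasswordAuthentication no" does not override an earlier "yes".
effective_password_auth() {
    awk '
        /^[ \t]*#/ { next }                      # comment lines set nothing
        { gsub(/=/, " ") }                       # accept "Keyword=value" too
        tolower($1) == "match" { exit }          # conditional blocks follow
        tolower($1) == "passwordauthentication" { print tolower($2); found = 1; exit }
        END { if (!found) print "yes" }          # OpenSSH default when unset
    ' "$1"
}

# match_overrides FILE: print line numbers inside Match blocks that set
# PasswordAuthentication yes, re-enabling passwords for the matched users.
match_overrides() {
    awk '
        /^[ \t]*#/ { next }
        { gsub(/=/, " ") }
        tolower($1) == "match" { in_match = 1; next }
        in_match && tolower($1) == "passwordauthentication" && tolower($2) == "yes" { print NR }
    ' "$1"
}

# check_password_disabled FILE: status 0 only if passwords are off everywhere.
check_password_disabled() {
    [ "$(effective_password_auth "$1")" = "no" ] && [ -z "$(match_overrides "$1")" ]
}

# Constructed sample: the commented line and the second global line are ignored,
# and the Match block turns passwords back on for one user.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sshd_config fragment
#PasswordAuthentication yes
PasswordAuthentication no
PasswordAuthentication yes
Match User backup
    PasswordAuthentication yes
EOF
}
```

Run `check_password_disabled /etc/ssh/sshd_config` on the host after step 2. To confirm key login without a password fallback before making the change, connect from the client with `ssh -o PreferredAuthentications=publickey -o PasswordAuthentication=no admin@192.168.0.100`.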
