Users and passwords
SSH Public Key Access
By default, you can access an HAProxy ALOHA host by logging in with ssh
and providing the credentials admin
/ admin
.
As an alternative, you can configure SSH public key access. SSH public key access is more secure than regular password access, and it’s more convenient because you don’t have to enter a password each time.
Repeat these procedures for each HAProxy ALOHA in the pair.
Configuring the client Jump to heading
-
If you do not already have an SSH key, create one with the
ed25519
algorithm:nixssh-keygen -t ed25519 -C "name@example.com"nixssh-keygen -t ed25519 -C "name@example.com"When prompted for a file and passphrase, accept the default values.
To Create an SSH key for user
admin
.nixssh-keygen -t ed25519 -C "admin@example.com"nixssh-keygen -t ed25519 -C "admin@example.com"outputtextGenerating public/private ed25519 key pair.Enter file in which to save the key (/home/admin/.ssh/id_ed25519):Enter passphrase (empty for no passphrase):Enter same passphrase again:Your identification has been saved in /home/admin/.ssh/id_ed25519Your public key has been saved in /home/admin/.ssh/id_ed25519.pubThe key fingerprint is:SHA256:1ZRgPRTwaUDAsC1dn1C7BZMh3rIBwSdsxqLk486FnCI admin@example.comThe key's randomart image is:+--[ED25519 256]--+| .*++X*O= || . .+O=.X=* || o .o+oo= X.. || + . . = o || o + S . . ||E . = . || . + . || o || |+----[SHA256]-----+outputtextGenerating public/private ed25519 key pair.Enter file in which to save the key (/home/admin/.ssh/id_ed25519):Enter passphrase (empty for no passphrase):Enter same passphrase again:Your identification has been saved in /home/admin/.ssh/id_ed25519Your public key has been saved in /home/admin/.ssh/id_ed25519.pubThe key fingerprint is:SHA256:1ZRgPRTwaUDAsC1dn1C7BZMh3rIBwSdsxqLk486FnCI admin@example.comThe key's randomart image is:+--[ED25519 256]--+| .*++X*O= || . .+O=.X=* || o .o+oo= X.. || + . . = o || o + S . . ||E . = . || . + . || o || |+----[SHA256]-----+ -
Ensure the permissions are correct on your private key file.
nixcd ~sudo chmod 600 .ssh/id_ed25519nixcd ~sudo chmod 600 .ssh/id_ed25519 -
Upload your public key to the HAProxy ALOHA host.
Caution
Make sure you are uploading the public key file,
id_ed25519.pub
, not the private key file,id_ed25519
. The private key file can give any user possessing it access to any host where you have access.For example, to upload the public key file to the HAProxy ALOHA host at IP address
192.168.0.100
:nixscp .ssh/id_ed25519.pub admin@192.168.0.100:/tmp/nixscp .ssh/id_ed25519.pub admin@192.168.0.100:/tmp/outputtextadmin@192.168.0.100's password: ***id_ed25519.pub 100% 393 0.4KB/s 00:00outputtextadmin@192.168.0.100's password: ***id_ed25519.pub 100% 393 0.4KB/s 00:00
Configuring the HAProxy ALOHA host Jump to heading
To complete the configuration, perform the following steps on the HAProxy ALOHA host.
-
Log in to the HAProxy ALOHA host.
For example, to log in to the host at IP address
192.168.0.100
:nixssh admin@192.168.0.100nixssh admin@192.168.0.100outputtextadmin@192.168.0.100's password: ***admin@ALOHA1:~$outputtextadmin@192.168.0.100's password: ***admin@ALOHA1:~$ -
Add the new key by concatenating it to the end of the authorized keys file,
/etc/ssh/authorized_keys/admin
:nixcat /tmp/id_ed25519.pub | sudo tee -a /etc/ssh/authorized_keys/adminnixcat /tmp/id_ed25519.pub | sudo tee -a /etc/ssh/authorized_keys/admin -
Make the file readable by owner and group:
nixsudo chmod 440 /etc/ssh/authorized_keys/adminnixsudo chmod 440 /etc/ssh/authorized_keys/admin -
Save the changes to make them persist after a reboot:
nixsudo config savenixsudo config save
You can now make an SSH connection to the load balancer, and you will not be prompted to enter a password.
To give other users access to the host, add their public keys in the same way.
Info
These procedures assume that the user name is admin
. When adding different names, ensure the authorized key file name matches the user name.
Optional: Disable SSH password login Jump to heading
Optionally, you can disable the default login behavior. With this configuration, users having a public key on the HAProxy ALOHA host can login without entering a password.
After verifying that SSH public key login works correctly, perform these steps on the HAProxy ALOHA host.
-
In the Tools tab File Manager, navigate to
/etc/ssh
and click thesshd_config
file to open it for editing. -
Change
PasswordAuthentication
tono
:PasswordAuthentication no
PasswordAuthentication no
-
Click Save.
-
On the Services tab, locate sshd and click Restart.
-
On the Setup tab, go to the Configuration section and click Save.
Do you have any suggestions on how we can improve the content of this page?