Accessing a NetScaler by Using SSH keys and No Password


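NetScaler appliances are usually managed by logging in with ssh -l nsroot ip and then entering the password. Application releases, however, rely on scripts that log in automatically, so the login has to use an SSH public key instead of a password. The steps are as follows: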
 
Excerpted from:
http://support.citrix.com/proddocs/index.jsp?lang=en&topic=/netscaler/ns-initial-config-using-ssh-tsk.html
 
Accessing a NetScaler by Using SSH keys and No Password
Updated: 2009-10-09
In a setup with a large number of NetScaler appliances, you will have to store and look up passwords for each appliance before you can log on to the appliance. To avoid this, you can set up secure shell access with public key encryption on the appliance so that you are not prompted for the password. To do this, you will need to first generate the public/private key on the client and then copy the public key to the NetScaler.
1, To generate the public/private key on a Linux client
Change directory to /root/.ssh
Generate the public and private key pair. At the prompt, type:
[root@localhost .ssh]# ssh-keygen -t rsa
Press Enter when prompted for a file name to save the key.
Press Enter when prompted for a passphrase.
2, To copy the public key (id_rsa.pub) to the remote NetScaler
Log on to the remote NetScaler from the Linux client with a file transfer client (the bin and put commands below are FTP client commands).
Change directory to /nsconfig/ssh. At the prompt, type:
cd /nsconfig/ssh
Change to binary mode and copy the public key to this directory. At the prompt, type:
bin
put id_rsa.pub
3, To set up secure shell access with public key encryption on the NetScaler
Open a connection to the NetScaler using a telnet/SSH client, such as PuTTY.
Log on to the NetScaler with the administrator credentials.
At the shell prompt, change the directory to /nsconfig/ssh.
Append the public key to the authorized_keys file and change permissions. At the prompt, type:
cat id_rsa.pub >> authorized_keys
chmod 755 authorized_keys
Remove the public key (optional). At the prompt, type:
rm id_rsa.pub
4, Check the permissions as below:
If you have stored the keys in the /nsconfig/ssh directory, which is a symbolic link to the /flash/ssh directory, and the keys do not appear to be working, check the directory permissions for the /flash directory. An erroneous build may have caused the /flash directory to have full read-write-execute permissions (777). The NetScaler sshd server does not use these keys if the containing folder is writable by all users. Check that the permissions of /flash and /flash/nsconfig are 755; if they are not, change them to 755 using chmod 755 /flash and chmod 755 /flash/nsconfig.
--- This part is excerpted from http://support.citrix.com/article/ctx114020
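One way to run the step 4 check over the whole path at once, as an added example that is not part of the Citrix documentation or of the original post: it resolves symlinks, walks from authorized_keys up to /, and reports every component writable by group or others (stricter than the world-writable case described above). The function names and the optional second argument (a directory at which to stop walking) are assumptions of this example.

```shell
#!/bin/sh
# Added example: find path components that can make sshd ignore authorized_keys.
# Parses the `ls -ld` mode string, so it runs on BSD and GNU userlands alike.

# writable_by_others PATH: succeeds if group or other has the write bit.
writable_by_others() {
    mode=$(ls -ldL -- "$1" | cut -c1-10)   # -L: judge the symlink target
    case "$mode" in
        ?????w????|????????w?) return 0 ;;  # column 6 = group w, column 9 = other w
    esac
    return 1
}

# audit_key_path FILE [STOP_DIR]
# Prints every unsafe component from FILE up to STOP_DIR (default /).
# Returns 0 if clean, 1 if something is unsafe, 2 if FILE is missing.
audit_key_path() {
    file=$1
    stop=${2:-/}                           # STOP_DIR is this example's own option
    [ -e "$file" ] || { echo "missing: $file" >&2; return 2; }
    # Resolve symlinks in the path (the page notes /nsconfig/ssh is one).
    dir=$(CDPATH= cd -P -- "$(dirname -- "$file")" && pwd -P) || return 2
    bad=0
    if writable_by_others "$file"; then echo "unsafe: $file"; bad=1; fi
    while :; do
        if writable_by_others "$dir"; then echo "unsafe: $dir"; bad=1; fi
        if [ "$dir" = "$stop" ] || [ "$dir" = "/" ]; then break; fi
        dir=$(dirname -- "$dir")
    done
    return "$bad"
}

# Run only when a path is given, e.g.: sh audit.sh /nsconfig/ssh/authorized_keys
if [ "$#" -gt 0 ]; then
    audit_key_path "$@"
fi
```

Each reported line names one entry to fix with chmod 755, as in step 4.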
5, To verify secure shell access with public key encryption on the NetScaler
 
On the client, verify that you can connect to the remote NetScaler by using SSH, without entering the password. At the prompt, type:
 
ssh -i /root/.ssh/id_rsa nsroot@NSIPaddress
 
You should not be prompted for a password.
Example
 
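Supplement:
In versions before NetScaler 9.1, the authorized_keys file used for SSH authentication is stored in the /root/.ssh directory. Because that directory is lost when the appliance restarts, you need to create a new file, rc.netscaler, in the /nsconfig directory so that it runs automatically after the NetScaler starts. It plays the same role as /etc/rc.local: after startup the NetScaler does not execute /etc/rc.local but /nsconfig/rc.netscaler. The file contents are as follows: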
root@ns # cat rc.netscaler
#!/bin/sh
mkdir -p /root/.ssh
# Public key generated on the client
echo 'ssh-rsa h9u+OwOYJaCnWor9G*******= admin@host1' > /root/.ssh/authorized_keys
chmod -R 700 /root/.ssh
chmod 600 /root/.ssh/*
 
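In version 9.1 and later, the authorized_keys file used for SSH authentication is stored in the /nsconfig/ssh directory. Perhaps this was changed because the /root/.ssh directory disappears after a restart.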
