How to: Configure SSH Authentication

Overview

By default, the BIG-IP Next Central Manager server allows password-based authentication. To switch to a more secure method of authentication, use the following procedures to enable SSH key-based authentication and disable password-based authentication.

Procedures

Configure SSH authentication

  1. On your client machine, generate SSH keys by typing the following command in a terminal:

ssh-keygen

  2. Press Enter at all the prompts that follow.
    This produces the following two files under the .ssh directory in the current user’s home directory:

  • id_rsa.pub (public key)

  • id_rsa (private key)

  3. Copy the SSH key to your BIG-IP Next Central Manager server by typing the following command:

ssh-copy-id admin@your.server.ip.address

  4. From the BIG-IP Next Central Manager server’s terminal, type the following commands to set the correct permissions:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

You can now authenticate with the SSH key. Other BIG-IP Next Central Manager users who have access to the credentials of the BIG-IP Central Manager server can still log in using password-based authentication.

Disable Password Authentication

After you set up SSH authentication, you can further secure access by completely disabling password-based authentication using the following procedure.

  1. From the BIG-IP Next Central Manager server’s terminal, type the following command:

sudo vi /etc/ssh/sshd_config

  2. Change the following line:

PasswordAuthentication yes

to:

PasswordAuthentication no

Apply the changes

  1. Run the following command on the BIG-IP Next Central Manager server’s terminal to restart the SSH service:

sudo service ssh restart

  2. On your client machine, test the connection by typing the following command in a terminal:

ssh admin@your.server.ip.address

If you connect to the BIG-IP Next Central Manager server without a password, the setup was successful.
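
A check for the PasswordAuthentication edit in the procedure above, as an added example that is not part of the original page or vendor code: sshd uses the first value it reads for each keyword, so a "no" line added below an existing "yes" line has no effect. The function name, the sample configurations and the user name in them are constructed for illustration.

```shell
#!/bin/sh
# Added example, not vendor code. Reports the global value sshd would use for
# a keyword in an sshd_config-style file: the first value read wins, keywords
# are case-insensitive, and '#' lines are comments. Include files are not
# followed and Match blocks (per-user overrides) are not evaluated.

effective_sshd_option() {
    # $1 = config file path, $2 = keyword, e.g. PasswordAuthentication
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines
        tolower($1) == "match" { exit }     # global section ends here
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = split(line, parts, /[ \t=]+/)   # "Key value" or "Key=value"
            if (n >= 2 && tolower(parts[1]) == key) {
                print tolower(parts[2]); found = 1; exit
            }
        }
        END { if (!found) print "unset" }   # unset: OpenSSH default applies (yes)
    ' "$1"
}

# Constructed sample: "no" was appended below the original "yes" line.
sample_shadowed() {
    printf '%s\n' '#PasswordAuthentication no' 'PasswordAuthentication yes' \
        'PubkeyAuthentication yes' 'PasswordAuthentication no'
}

# Constructed sample: the line was changed in place, as the procedure says.
sample_changed() {
    printf '%s\n' 'PubkeyAuthentication yes' 'passwordauthentication no' \
        'Match User backup' '    PasswordAuthentication yes'
}

check_sample() {
    # $1 = name of a sample function; prints the effective global value
    tmp=$(mktemp) || return 1
    "$1" > "$tmp"
    effective_sshd_option "$tmp" PasswordAuthentication
    rm -f "$tmp"
}

echo "shadowed: $(check_sample sample_shadowed)"
echo "changed:  $(check_sample sample_changed)"
```

On the server itself, `sudo sshd -t` checks the edited file for syntax errors before the restart, and `sudo sshd -T` prints the configuration sshd actually resolves.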