SSH Public Key Access
By default, you can access an HAProxy ALOHA host by logging in with
ssh and providing the credentials admin / admin.
As an alternative, you can configure SSH public key access. SSH public key access is more secure than regular password access, and it's more convenient because you don't have to enter a password each time.
Configuring the Client
If you do not already have an SSH key, create one with the
$ ssh-keygen -t ed25519 -C "email@example.com"
When prompted for a file and passphrase, accept the default values.
Create an SSH key for user
$ ssh-keygen -t ed25519 -C "firstname.lastname@example.org"
Generating public/private ed25519 key pair. Enter file in which to save the key (/home/admin/.ssh/id_ed25519): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/admin/.ssh/id_ed25519 Your public key has been saved in /home/admin/.ssh/id_ed25519.pub The key fingerprint is: SHA256:1ZRgPRTwaUDAsC1dn1C7BZMh3rIBwSdsxqLk486FnCI email@example.com The key's randomart image is: +--[ED25519 256]--+ | .*++X*O= | | . .+O=.X=* | | o .o+oo= X.. | | + . . = o | | o + S . . | |E . = . | | . + . | | o | | | +----[SHA256]-----+
Ensure the permissions are correct on your private key file.
$ cd ~ $ chmod 600 .ssh/id_ed25519
Upload your public key to the HAProxy ALOHA host.
Upload the public key file to the HAProxy ALOHA host at IP address
$ scp .ssh/id_ed25519.pub firstname.lastname@example.org:/tmp/
email@example.com's password: *** id_ed25519.pub 100% 393 0.4KB/s 00:00
Configuring the HAProxy ALOHA Host
To complete the configuration, perform the following steps on the HAProxy ALOHA host.
Log in to the HAProxy ALOHA host.
Log in to the host at IP address
$ ssh firstname.lastname@example.org email@example.com's password: *** admin@ALOHA1:~$
Add the new key by concatenating it to the end of the authorized keys file,
root@ALOHA1:~# cat /tmp/id_ed25519.pub | sudo tee -a /etc/ssh/authorized_keys/admin
Make the file readable by owner and group:
root@ALOHA1:~# chmod 440 /etc/ssh/authorized_keys/admin
You can now make an SSH connection to the load balancer, and you will not be prompted to enter a password.
To give other users access to the host, add their public keys in the same way.
Optional: Disable SSH Password Login
Optionally, you can disable the default login behavior. With this configuration, users having a public key on the HAProxy ALOHA host can login without entering a password.
After verifying that SSH public key login works correctly, perform these steps on the HAProxy ALOHA host.
In the Tools tab File Manager, navigate to
/etc/sshand click the
sshd_configfile to open it for editing.
On the Services tab, locate sshd and click Restart .
On the Setup tab, go to the Configuration section and click Save.
Next upLDAP Authentication