We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see https://campus.barracuda.com/doc/71862301/ for further information on our EoS policy.

How to Configure Key-Based SSH Authentication for the Root User

  • Last updated on

It is recommended to use key-based authentication for logging in via SSH with the root user, by configuring the authorized SSH keys in the Administrative Settings of the NG Firewall. To generate SSH keys use puttygen on Windows, or ssh-keygen on Linux to create SSH keys. Only the public key is imported on the firewall. It is recommended to always use private keys with passphrases. The public key must be formatted in the OpenSSH format.

Before You Begin

Generate or locate the SSH key pair to be used to log into the NG Firewall via SSH.

Step 1. Limit SSH Root Access to Authenticate via SSH Key

  1. Go to CONFIGURATION > Configuration Tree > Box > Advanced Configuration > SSH.
  2. Click Lock.
  3. In the left menu, select Basic Setup.
  4. From the Permit Root Login drop-down list, select key-only.
    root_ssh_key_01.png
  5. Click Send Changes and Activate.

Step 2. Add Public Key for the Root User

Add the public key to the authorized keys. This key is used to authenticate SSH logins for the root user.

  1. Go to CONFIGURATION > Configuration Tree > Box > Administrative Settings.
  2. Click Lock.
  3. Expand the Configuration Mode menu on the left, and select Switch to Advanced View.
  4. In the left menu, select Advanced System Access.
  5. Paste the public key to the Authorized Root Keys table. Use a new line for each SSH key.
    root_ssh_key_02.png
  6. Click Send Changes and Activate.

You can now log into the NG Firewall via SSH using key-based authentication. Logging in using a password is no longer possible.

Last updated on