Forum Discussion
Pilow
Nimbostratus
NimbostratusAdd ssh-rsa to 17.1.1 host key algorithm
Hello,
I've recently upgraded a HA pair of LTM devices to 17.1.1 and found out that I can no longer access the devices through 3rd party software SSH connection. I've been searching for the articles to resolve the issue but they only say I should upgrade the SSH connecting software or revise the settings of it which I can't since other network devices are connected as well.
I doubt this is because the OS versions later than 17.1.0 no longer support ssh-rsa.
Is there any way to add ssh-rsa to the device without changing anything on the 3rd party product?
Good find.
Unfortunately, I do not think there is any alternative way. The only thing I can think of is possibly proxying the SSH client connection via a Jumphost server which supports the ssh-rsa host key algorithm.
You may want to create a Support Case with F5 to see if they are able to provide any further suggestions.
PilowHi,
Thank you for your support.
I tried editing the sshd_config file manually but still didn't work.
I found out a few more articles and turned out that F5 removed support of ssh-rsa even though I can still see BIG-IP with 17.1.1 using ssh-rsa through a command "sshd -T | grep -i hostkeyalgorithms"
Reference:
https://my.f5.com/manage/s/article/K000136120
https://my.f5.com/manage/s/article/K000135559
I know it's tough but I'm asking if there is any other way to make it work besides updating the 3rd party software.
Good find.
Unfortunately, I do not think there is any alternative way. The only thing I can think of is possibly proxying the SSH client connection via a Jumphost server which supports the ssh-rsa host key algorithm.
You may want to create a Support Case with F5 to see if they are able to provide any further suggestions.
- PhatANhappy
MVP
I would check this:
bash
grep "IFS" /bin/scp-checkfp
IF - you have " --- it should be changed to '
will not effect traffic flow - and should fix without restarting anything.process:
mount -o remount,rw /usr
vi /bin/scp-checkfp
search for : IFS=$"\n"
change to " IFS=$'\n'
mount -o remount,ro /usr
