For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Pilow's avatar
Pilow
Icon for Nimbostratus rankNimbostratus
Jan 11, 2024
Solved

Add ssh-rsa to 17.1.1 host key algorithm

  Hello, I've recently upgraded a HA pair of LTM devices to 17.1.1 and found out that I can no longer access the devices through 3rd party software SSH connection. I've been searching for the artic...
application delivery
security
  • Michael_Saleem's avatar
    Michael_Saleem
    Jan 17, 2024

    Good find.

    Unfortunately, I do not think there is any alternative way. The only thing I can think of is possibly proxying the SSH client connection via a Jumphost server which supports the ssh-rsa host key algorithm.

    You may want to create a Support Case with F5 to see if they are able to provide any further suggestions.

Pilow's avatar
Pilow
Icon for Nimbostratus rankNimbostratus
Jan 17, 2024

 

Hi,

Thank you for your support.

I tried editing the sshd_config file manually but still didn't work.

I found out a few more articles and turned out that F5 removed support of ssh-rsa even though I can still see BIG-IP with 17.1.1 using ssh-rsa through a command "sshd -T | grep -i hostkeyalgorithms"

 

Reference:

https://my.f5.com/manage/s/article/K000136120

https://my.f5.com/manage/s/article/K000135559

 

I know it's tough but I'm asking if there is any other way to make it work besides updating the 3rd party software.

  • Michael_Saleem's avatar
    Michael_Saleem
    Icon for MVP rankMVP
    Jan 17, 2024

    Good find.

    Unfortunately, I do not think there is any alternative way. The only thing I can think of is possibly proxying the SSH client connection via a Jumphost server which supports the ssh-rsa host key algorithm.

    You may want to create a Support Case with F5 to see if they are able to provide any further suggestions.