AWS - AFM SSH Proxy error SSH authentication
Hello all,
I followed the F5 documentation to implement the SSH proxy:
https://techdocs.f5.com/kb/en-us/products/big-ip-afm/manuals/product/big-ip-network-firewall-policies-and-implementations-14-1-0/15.html
I am using an EC2 Amazon Linux to test with SSH password authentication.
I configured the F5 AFM SSH VS and generated all the SSH keys as asked on the BIG-IP and the server machine.
When I test, I am prompted to enter my username, but directly after this I get an error: software caused connection abort
When I check the log in /var/log/sshplugin I have this error message: the backend ssh server does not have a public key that matches the configuration
I searched on the net and found that it could be related to the trailing comment, but in my case I didn't add it in the key.
Does anyone have an idea of how we can solve this issue, or know the root cause?
Thank you in advance,
Best regards
Omar
- Martin_Vlasko (Altocumulus)
Hi Omar,
I experienced the same error message.
Assuming you have already generated the RSA key pair on your backend server...
On your backend server, go to /etc/ssh/sshd_config and make sure that the following line is NOT commented. Don't forget to restart the SSH service afterwards!
HostKey /etc/ssh/ssh_host_rsa_key
On your backend server, copy the SSH public key from /etc/ssh/ssh_host_rsa_key.pub, and make sure you do NOT include the trailing description, so it should look something like:
ssh-rsa AAAAB3Nza....oC/arKVST/r9
And NOT like:
ssh-rsa AAAAB3Nza....oC/arKVST/r9 root@ubuntu
Copy this backend server's RSA public key to the Real Server Auth Public Key section of the SSH Proxy Key Management.
Next, copy the F5's own RSA private key (to be found in /root/.ssh/id_rsa) to the Proxy Server Auth Private Key section of the SSH Proxy Key Management. If you do not yet have it, run the ssh-keygen as per SSH Proxy documentation.
It does work for me, hope it helps you too.
Cheers,
Martin
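The two backend-side checks from the answer above (an active HostKey line, and the public key copied without its trailing comment), as an added shell example that is not part of the original thread. The function names are hypothetical, and the file paths are passed as arguments so the checks can be run on copies of the files.

```shell
#!/bin/sh
# Added example, not from the thread or from F5 documentation.
# Function names are hypothetical; only standard awk is used.
#
# Typical use on the backend server:
#   hostkey_enabled /etc/ssh/sshd_config /etc/ssh/ssh_host_rsa_key \
#       || echo "HostKey line is missing or commented out"
#   key_without_comment /etc/ssh/ssh_host_rsa_key.pub

# Succeeds only if the sshd_config file has an active (uncommented)
# HostKey line pointing at the given private key path.
hostkey_enabled() {
    config=$1
    keypath=$2
    awk -v want="$keypath" '
        /^[ \t]*#/ { next }    # a commented-out HostKey does not count
        tolower($1) == "hostkey" && $2 == want { found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$config"
}

# Prints "ssh-rsa <base64>" from a .pub file, dropping the trailing
# description (for example "root@ubuntu"). Fails if the file holds no
# ssh-rsa key, since the procedure above uses the RSA host key.
key_without_comment() {
    pubfile=$1
    awk '
        { sub(/\r$/, "") }     # drop a stray CR from a Windows copy/paste
        $1 == "ssh-rsa" && $2 != "" { print $1, $2; ok = 1; exit }
        END { exit (ok ? 0 : 1) }
    ' "$pubfile"
}
```

The output of key_without_comment is the value to paste into the Real Server Auth Public Key section.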
- Omar95 (Altostratus)
Still have the issue. Has anyone already encountered this behavior?