JP_42120
Jun 18, 2015

F5 automated backup with iApp - SCP passwordless authentication not working

Hi, looking for help with iApp F5 automated via SCP.

    We have set up the iApp to SCP UCS files to a remote Linux server, but it is not working.
    We have tested passwordless login and SCP from the Big-IP SSH console to the remote Linux server and this works fine, but it is not working in the iApp.

Thanks and regards,

3 Replies

  • Hi, which content did you place in the password field, and which template did you use? I've seen some good versions around here and I'm afraid of what you need to do now.

    But I'm using a version where you need to put in the RSA key.


  • Hi,

    Looking around, I saw a possible issue when we fill in the content of the password field. For example, when you copy the RSA/DSA private key content to the browser, it changes the line breaks to blank spaces (I have not tested this in all browsers). So, there is a command line in the script that should revert these spaces into line breaks again:

    set cleaned_privatekey [exec echo "$::destination_parameters__scp_sshprivatekey" | sed -e "s/BEGIN RSA PRIVATE KEY/BEGIN;RSA;PRIVATE;KEY/g" -e "s/END RSA PRIVATE KEY/END;RSA;PRIVATE;KEY/g" -e "s/ /\\\n/g" -e "s/;/ /g"]

    Before copying the RSA/DSA private key from Linux, I did the following:

    1) I created the key without passphrase:

    ssh-keygen -t dsa

    2) I opened that key in vi editor:

    vi /root/.ssh/id_dsa

    3) I replaced that LF with command:

    :%s/\n/\\n/g

    Original DSA:

    -----BEGIN DSA PRIVATE KEY-----
    MIIBugIBAAKBgQCdRL3IXiezeyf9+Xqf2BqfbYMKgLQRM1vcj+dUsAJDn8CVpHZe
    XGuAT6uIU6T2d1AUmmlL6FPesVfsxyBl+OFfXqWMWnHF4DdqI2435tRzqcC0jXDJ
    WYOrK233UvMz8Pie1htvHF3CxvTX9K8leuMpNCBznvHfsEjvnN2modZ1lQIVANqT
    /y5aBYxwUhU4Kjii6hHwwMlNAoGAIEaD6+aexKoFmxJ6PuUA/UCffn/unAUi4BXV
    +WukP5gkHWdDNSKlZkOKFsrAU0PfmBOHe0qE4NDIcH08U4iYkxirkgwsXFRTFcVh
    CdXVaULxN0jgFx2yL0SfvhjEL9n4WPy52qKAgM3tsGEURY+4atikqrY07mpyMwGl
    5LEYN4ECgYAEZxa4fmCHpGJ033tXNcyHlXhpVVgw7u5+WbN3Wj8UDXN3lonkW+VZ
    L4QO90cWg2XmzwQvow6GJzCihRaE3GeXLGxLmEbe07zw+6vkBAtD3Us4vJSJUrRC
    6nT4VwW63Cvebvx7y3JMqWsp8zR2ztYCdCbNFNrUU8S8rrSys0hsEgIULzBeRgMr
    S5GI7x+bdFXk62TEQ5Q=
    -----END DSA PRIVATE KEY-----
    

    Replaced:

    -----BEGIN DSA PRIVATE KEY-----\nMIIBugIBAAKBgQCdRL3IXiezeyf9+Xqf2BqfbYMKgLQRM1vcj+dUsAJDn8CVpHZe\nXGuAT6uIU6T2d1AUmmlL6FPesVfsxyBl+OFfXqWMWnHF4DdqI2435tRzqcC0jXDJ\nWYOrK233UvMz8Pie1htvHF3CxvTX9K8leuMpNCBznvHfsEjvnN2modZ1lQIVANqT\n/y5aBYxwUhU4Kjii6hHwwMlNAoGAIEaD6+aexKoFmxJ6PuUA/UCffn/unAUi4BXV\n+WukP5gkHWdDNSKlZkOKFsrAU0PfmBOHe0qE4NDIcH08U4iYkxirkgwsXFRTFcVh\nCdXVaULxN0jgFx2yL0SfvhjEL9n4WPy52qKAgM3tsGEURY+4atikqrY07mpyMwGl\n5LEYN4ECgYAEZxa4fmCHpGJ033tXNcyHlXhpVVgw7u5+WbN3Wj8UDXN3lonkW+VZ\nL4QO90cWg2XmzwQvow6GJzCihRaE3GeXLGxLmEbe07zw+6vkBAtD3Us4vJSJUrRC\n6nT4VwW63Cvebvx7y3JMqWsp8zR2ztYCdCbNFNrUU8S8rrSys0hsEgIULzBeRgMr\nS5GI7x+bdFXk62TEQ5Q=\n-----END DSA PRIVATE KEY-----

    After that, I did the copy and paste to the password field and it works.

    I cannot say if there is already a later version of this script; therefore, if you prefer to change the template, I just advise you to make a new copy of this template and change the following in the implementation script:

    With the following, you should no longer need to perform the steps above:

    # Original line in the implementation script (only protects the RSA header and footer):
    set cleaned_privatekey [exec echo "$::destination_parameters__scp_sshprivatekey" | sed -e "s/BEGIN RSA PRIVATE KEY/BEGIN;RSA;PRIVATE;KEY/g" -e "s/END RSA PRIVATE KEY/END;RSA;PRIVATE;KEY/g" -e "s/ /\\\n/g" -e "s/;/ /g"]
    # Replacement: protect both DSA and RSA headers and footers, drop carriage returns,
    # turn the remaining spaces into line breaks, then restore the spaces in the header and footer
    set cleaned_privatekey [string map {"BEGIN DSA PRIVATE KEY" "BEGIN;DSA;PRIVATE;KEY" "BEGIN RSA PRIVATE KEY" "BEGIN;RSA;PRIVATE;KEY"} $::destination_parameters__scp_sshprivatekey]
    set cleaned_privatekey [string map {"END DSA PRIVATE KEY" "END;DSA;PRIVATE;KEY" "END RSA PRIVATE KEY" "END;RSA;PRIVATE;KEY"} $cleaned_privatekey]
    set cleaned_privatekey [string map {"\r" "" " " "\n" ";" " "} $cleaned_privatekey]
    

    By changing this, the script will remove the local backup from the BigIP successfully, otherwise, this will not remove the UCS/SCF local files correctly.

    # Original line:
    exec rm -f BACKUPDIRECTORY/$fnameBACKUPFILESCRIPTEXTENSION
    # Replacement: braces end the variable name at "fname"
    exec rm -f BACKUPDIRECTORY/${fname}BACKUPFILESCRIPTEXTENSION
    

    I hope this helps you in some way.
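The line-break problem described in the reply above, as an added example that is not part of the original post or of the iApp template: a POSIX shell function (`restore_pem`, a hypothetical name) that rebuilds a PEM block whose line breaks became spaces or literal `\n`, for any key label rather than only RSA and DSA. The key body used here is a constructed placeholder, not a real key.

```shell
#!/bin/sh
# Added example (not from the iApp template). restore_pem is a hypothetical helper.
# It rebuilds a PEM block whose line breaks were turned into spaces (browser paste)
# or into literal "\n" (the vi workaround), and fails if the block is malformed.
restore_pem() {
    printf '%s\n' "$1" | tr -d '\r' | awk '
    { buf = buf $0 " " }                          # join any surviving lines
    END {
        gsub(/\\n/, " ", buf)                     # literal backslash-n becomes a space
        if (!match(buf, /-----BEGIN [A-Z0-9 ]+-----/)) exit 1
        head = substr(buf, RSTART, RLENGTH)
        rest = substr(buf, RSTART + RLENGTH)
        if (!match(rest, /-----END [A-Z0-9 ]+-----/)) exit 1
        foot = substr(rest, RSTART, RLENGTH)
        body = substr(rest, 1, RSTART - 1)
        # The label after BEGIN must equal the label after END
        if (substr(head, 12) != substr(foot, 10)) exit 1
        print head
        n = split(body, chunk, /[ \t]+/)          # each chunk is one base64 line
        for (i = 1; i <= n; i++) if (chunk[i] != "") print chunk[i]
        print foot
    }'
}

# Constructed placeholder input: what a key looks like after the browser
# has replaced its line breaks with spaces.
flat='-----BEGIN DSA PRIVATE KEY----- QUJD REVG -----END DSA PRIVATE KEY-----'
restore_pem "$flat"
```

Writing the result to a mode-600 file and running `ssh-keygen -y -f` on it confirms that the key parses before it is pasted into the iApp.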

  • OK.

    Can you complete the wizard and create the application or did you have this error before?

    I noticed an error that can be in sync messages. Do you have a pair of BigIPs?

    Could you tell me if the /config/f5.automated_backup_scp.conf file is in all the boxes?

    Please, could you test the script below? It is a copy of the original script with minimum changes.

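    put()
    {
            fields="username server directory"
            i=1
            f5masterkey=$(f5mku -K)
            # Lines 1-3 of the conf file hold the encrypted username, server and directory
            for current_field in $fields ; do
                    sedcommand="${i}p"
                    current_encrypted_value=$(sed -n "$sedcommand" /config/f5.automated_backup_scp.conf)
                    current_decrypted_value=$(echo "$current_encrypted_value" | openssl aes-256-ecb -salt -a -d -k "$f5masterkey")
                    # Assign without eval so the decrypted value is never parsed as shell code
                    printf -v "$current_field" '%s' "$current_decrypted_value"
                    i=$((i + 1))
                    unset current_encrypted_value current_decrypted_value sedcommand
            done
            # Line 4 onward holds the encrypted private key
            sed -n '4,$p' /config/f5.automated_backup_scp.conf | openssl aes-256-ecb -salt -a -d -k "$f5masterkey" > /var/tmp/scp.key
            chmod 600 /var/tmp/scp.key
            # Debug output: this prints the decrypted private key (and bash -x also traces
            # the master key), so redact both before sharing the result
            cat /var/tmp/scp.key
            testfile="/var/tmp/test.tx"
            echo "Test!" > "$testfile"
            scp -i /var/tmp/scp.key "${testfile}" "${username}@${server}:${directory}"
            rc=$?   # keep scp's exit status; rm would otherwise overwrite $?
            rm -f /var/tmp/scp.key
            return $rc
    }
    put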
    

    call e.g.: "bash -x scp2.sh" and share the result, please

    I'm trying all the possibilities here.

    Thank you for your attention.