Forum Discussion
InnO
Nimbostratus
NimbostratusSCP not working anymore since upgrade to 12.1
Hi,
I recently upgraded my Big-IP from 11.6 HF6 to 12.1 successfully. However, I am not able anymore to execute scp commands which I used to transfer my ucs backups remotely. Any attempt always end up with a "no hostkey alg" error. I tried many different things like regenerating rsa and dsa keys like I always do after an upgrade, but as of today have been unsuccessful...
Any advice someone ?
Thanks, Pascal.
ekaleido_26616Cirrocumulus
Try this...
ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
InnOThanks, but tried that already, with no success. There was no ssh folder under /etc by the way...
- ekaleido
Cirrus
Try this...
ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key- InnO
Thanks, but tried that already, with no success. There was no ssh folder under /etc by the way...
- InnO
Not sure that can help but, but here is a verbose output for the scp :
dexterstuRan into this same issue and we were also using Bitvise SSH Server.
Beginning in BIG-IP 12.1.0, the BIG-IP system no longer supports DSA keys for SSH connections (as it is using OpenSSL 7.0).
https://support.f5.com/kb/en-us/solutions/public/k/40/sol40220910.html
The problem for us was with the host key that the SSH server was presenting, not the keys that were generated on the F5 for authentication. The Bitvise SSH Server was presenting a DSA host key, which is no longer supported.
Fix was to generate a new Host key from within Bitvise Control Panel (Manage Host Keys --> Generate New --> Employ) using the RSA Algorithm.
You may also need to clear the existing host key on the F5 by removing the relevant entries (or deleting the whole file) from /root/.ssh/known_hosts
- InnO
Hi Stuart, just forgot to put an update on that case, but that is exactly what I did too to fix that issue :)
Thanks, Have a good one,
Pascal.