For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

moog67_108621's avatar
moog67_108621
Icon for Nimbostratus rankNimbostratus
Feb 21, 2014

SCP to F5 question

Hi everyone,

 

Very basic stuff question for sure.., I'm writing a script to backup UCS config files regularly from a UNIX system through SCP. I have generated a private/public key pair with ssh-keygen on my server for root account and copied the id_rsa.pub key in the "authorized_keys" file on target F5 (BIG-IP 1600) to avoid being prompted for password.

 

However, it is not working. Everytime I run the scp commnad I'm asked for the root password. Is root login through SSH disabled in F5?, what am I doing wrong?

 

Activating the debug option on scp I'm getting this trace

 

debug1: Authentications that can continue: publickey,keyboard-interactive,hostbased debug1: Next authentication method: publickey debug1: Offering public key: /root/.ssh/id_rsa debug1: Authentications that can continue: publickey,keyboard-interactive,hostbased debug1: Trying private key: /root/.ssh/id_dsa debug1: Next authentication method: keyboard-interactive <<<<<<<<<<<<<<<< Password: debug1: Authentication succeeded (keyboard-interactive). <<<<<<<<<<<<<<<<<< and the remote copy completes OK.

 

Any ideas?, Thanks in advance,

 

Moog

 

application delivery
BIG-IP Access Policy Manager (APM)
LTM
management
security

4 Replies

  • Cory_50405's avatar
    Cory_50405
    Icon for Noctilucent rankNoctilucent
    Feb 21, 2014

    If you SSH from the F5 to your UNIX server, are you prompted to trust the host key? If so, trust it and then try again.

     

  • moog67_108621's avatar
    moog67_108621
    Icon for Nimbostratus rankNimbostratus
    Feb 21, 2014

    Still no joy, I'm prompted for remote server's password

     

    scp root@X.X.X.X:/var/f5backups/test /var/tmp

    The authenticity of host 'X.X.X.X (X.X.X.X)' can't be established. RSA key fingerprint is "some_key_fingerprint" Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'X.X.X.X' (RSA) to the list of known hosts. SomeServer .....

     

    root@X.X.X.X's password:

     

  • Cory_50405's avatar
    Cory_50405
    Icon for Noctilucent rankNoctilucent
    Feb 21, 2014

    Well, now your boxes should trust each other. Does the key login from your UNIX server to F5 work now?

     

  • amolari's avatar
    amolari
    Icon for Cirrostratus rankCirrostratus
    Feb 21, 2014

    i think you shouldn't use root. Create another user with admin+bash rights and use that one. In v11.x should work without changing the configuration, as long as the authorized_keys file is properly set. https://support.f5.com/kb/en-us/solutions/public/13000/400/sol13454.html