Forum Discussion
silentbob
Nimbostratus
NimbostratusSSH auth via key not working after installing 13.1.5 HF 20 and LogLevel can't be increased
Hi guys,
I am struggeling with an issue on the BigIP, after installing the Hotfix 20
I am not able to login via ssh using key authentification.
I can login via password.
Figuring out what is going wrong is hard, without any usefull Logging.
so I changed the loglevel in
/var/run/config/sshd_config
LogLevel DEBUG3
and did a
service sshd restart
also an
bigstart restart sshd
both said restart OK, but still only successful logins get logged.
So I tried
tmsh modify /sys sshd log-level debug3
restarted sshd again and again not change in the logs.
can anyone tell me why the Loglevel increase has no efffect or maybe tell me if the HF 20 changed something in handling ssh keys on the BigIP
Any help is appreciated
- whisperer
MVP
You may have a broken symlink. "a BIG-IP upgrade causes the symlink to point to a nonexistent file" Please see the following article:
https://my.f5.com/manage/s/article/K13454
This issue occurs during a software update.
M_SaeedCirrus
Hello,
I'm not sure if such old proposed workaround will help to fix it. https://my.f5.com/manage/s/article/K17318
Could you check and update if it would help?
- whisperer
Such things have always been an issue. If you customize an F5 outside of the GUI or TMSH commands, you may lose certain customizations between upgrades.
Also, let's be serious here. I'm not going to test the recreation of a symlink. This would take you 10 seconds to implement and test. If you want someone else to truly perform offline testing, and replicate your use case, you would need to provide UCS backups and such. That is all professional services. Of course, you can always submit an F5 support case ticket.
silentbobHi,
got it fixed last week. It was 2 things.
It was a Link issue, but sadly through another coincidence It was not fixing it. So I thought this is not the fix.
They removed the support of DSA ssh keys (what ist goog and completly fine).
If increasing of the Loglevel would work, this would be easy to find, but this way it took me a lot of time.
Now using secure Keys it's working again.
But thx for your answers guys
