Forum Discussion

bbensten_8485
Aug 20, 2014

SSH Key Access

Hi,

We are trying to enable SSH public key login to our F5. It appears the switch for "pubkeyauthentication" is set to no, and we are not certain how to set it to yes without modifying the sshd conf directly. Is this the best way to do so? If we modify it, do we need to restart SSHD? We are running 11.4.

Thanks!

 

  • What about the tmsh modify sshd include command?

    e.g.

    // before
    
    [root@ve11a:Active:In Sync] config  grep -i pubkeyauthentication /config/ssh/sshd_config
    PubkeyAuthentication yes
    
    // configure
    
    [root@ve11a:Active:In Sync] config  tmsh
    root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) modify sys sshd include "PubkeyAuthentication no"
    
    root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list sys sshd
    sys sshd {
        include "PubkeyAuthentication no"
    }
    
    // after
    
    root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) q
    [root@ve11a:Active:In Sync] config  grep -i pubkeyauthentication /config/ssh/sshd_config
    PubkeyAuthentication no
    PubkeyAuthentication yes
    
  • If that doesn't work (please let us know if it does), you should be fine modifying the /config/ssh/sshd_config file directly, but note any changes won't survive an upgrade.

    If security is important to you, I'd also recommend adding (although I haven't researched the best ciphers to use in a while):

    Ciphers aes256-ctr,aes256-cbc,aes192-ctr,aes192-cbc

    MACs hmac-sha1,hmac-md5
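
OpenSSH's sshd uses the first value it obtains for each keyword (see sshd_config(5)), so when a directive appears twice in /config/ssh/sshd_config, as in the "after" output above, the earlier line is the one that applies. The following is an added example, not part of the original posts: a shell check that reports which occurrence is effective, run on a constructed sample file. The function names and the `Match User exampleuser` block are illustrative assumptions, and keyword and value are assumed to be whitespace-separated.

```shell
# Constructed sample: same order as the "after" grep output in the thread.
write_sample_config() {
    cat > "$1" <<'EOF'
# constructed sample sshd_config
Port 22
PubkeyAuthentication no
PubkeyAuthentication yes
Match User exampleuser
    PubkeyAuthentication yes
EOF
}

# list_sshd_occurrences FILE KEYWORD
# Prints "LINE STATUS VALUE" for every occurrence of KEYWORD before the first
# Match block. The first occurrence is "effective"; later ones are "ignored".
list_sshd_occurrences() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        { key = tolower($1) }
        key == "match" { exit }                # conditional blocks are out of scope
        key == want {
            status = (seen++ ? "ignored" : "effective")
            line = NR
            $1 = ""; sub(/^[ \t]+/, "")        # drop the keyword, keep the value
            print line, status, $0
        }
    ' "$1"
}

# effective_sshd_value FILE KEYWORD: prints the value sshd would use, or nothing.
effective_sshd_value() {
    list_sshd_occurrences "$1" "$2" |
        awk '$2 == "effective" { sub(/^[0-9]+ effective /, ""); print }'
}

# check_sshd_setting FILE KEYWORD EXPECTED
# Returns 0 on match, 1 on mismatch, 2 if the keyword is not set in FILE.
check_sshd_setting() {
    actual=$(effective_sshd_value "$1" "$2" | tr 'A-Z' 'a-z')
    [ -n "$actual" ] || return 2
    [ "$actual" = "$(printf '%s' "$3" | tr 'A-Z' 'a-z')" ]
}

sample=$(mktemp)
write_sample_config "$sample"
list_sshd_occurrences "$sample" PubkeyAuthentication
rm -f "$sample"
```

A return code of 2 from `check_sshd_setting` means the file does not set the keyword in its global section, so sshd's built-in default applies.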