Forum Discussion

f5beginner's avatar
f5beginner
Icon for Cirrostratus rankCirrostratus
Aug 09, 2019

SSH proxy not working

Hi All,

 

I used this instructions: https://techdocs.f5.com/kb/en-us/products/big-ip-afm/manuals/product/network-firewall-policies-implementations-12-1-0/13.html to configure ssh proxy, but without success.

 

How it works:

 

Putty show me login, but after I write there some login, it give me error message: Network error: Software caused connection abort.

Logs on F5 show me this: ssh_serverside_auth_fail Real server public key" in the configuration does not match the private key of the backend server",

 

I have already checked public key from backend server.

 

I want only authentication via username and password via ssh proxy.

 

Thank you

  • Your public key have to look like:

    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCziS6yavPpFuRjLP9hzRiEBcVgLDynoWqNMuwCrOREkSiDqWqFRrydFCGy6Z1WwwJuDMIw5h3sIuqtOo78zd6pBabXpj0QLUyLtGx80Oe3vInpwxvG2/YX9KaGjofkasZJ+tOqoOe5QscnUYr7Iw6CEuo2dBVIZyL/o1IyTvDfL8+yXO4vPzadmL0gvV1F56feRVsCF0HUrhWwdrQ6CpIpX6acsY0HayrhOGPmVF4qRz7fLySHJ5XQz5IKXJRNHJEbXx2tiV1TuQlhz8gOMqMp2IiSqyKDcUTk2Oy0fPYkNAWPlifq7GplYkit85EL5UCgtHf595rqibOQJWFAAzHF 

     

    It have to be one long string, without any newlines. And without "email" at the end of the string.

     

    If all correct you can try to find HostKey directives on your backend ssh server config and comment out all except the rsa, like this:

    HostKey /etc/ssh/ssh_host_rsa_key

    #HostKey /etc/ssh/ssh_host_ed25519_key

     

  • BTW does it work with putty for you?

    It hangs up with putty for me after entering the password. WinSCP and MobaXterm works fine, so its look like the putty issue (not PAM as i assumed before).