Forum Discussion
TK_45015
Feb 08, 2012 Nimbostratus
ssh public key auth with tacacs+ enabled
Hi Gurus! I have configured tacacs+ authentication on an LTM box that is running 10.2 software - works like a charm. But I have also configured one local account and am trying to get ssh public ke...
Did this change in 10.2? I was able to log in with a local user via public key auth and with tacacs+ defined while I was running 10.1. Yesterday I upgraded to 10.2.3 and I'm getting the same errors in my /var/log/secure logs as TK:
Feb 28 10:20:17 local/MY-BIGIP crit sshd[13317]: fatal: Access denied for user my_user by PAM account configuration
It seems like there should be an update you can make to /config/bigip/pam.d/sshd to allow this to work? Or maybe someplace else?
alois_2269
Nov 10, 2016 Nimbostratus
I have the same error. Tried the documentation:
https://support.f5.com/kb/en-us/solutions/public/13000/400/sol13454.htmlbigipsshdaccept
But did not carefully read the prerequisites:
You must meet the following prerequisites to use this procedure:
- You are familiar with SSH protocol
- You are familiar with the vi text editor
- Your BIG-IP system is configured to use the local user directory for system authentication
I tried the following procedures:
- Switch off the remote authentication -> ssh-key auth works :-)
- Turn on remote authentication -> ssh-key auth does not work anymore :-(
Any suggestions? Seems no local auth will work if remote-auth is running/configured.