Forum Discussion
SSL passphrase lost
Hi Ganesh,
The passphrase is encrypted using the device master key. As long as the master key of your device group hasn't changed or (at least) you've created a backup of the master-key, you will be able to restore entire UCS archives or even partial configurations containing secure strings.
https://support.f5.com/kb/en-us/solutions/public/9000/400/sol9420.html
https://devcentral.f5.com/articles/working-with-masterkeys
With this knowledge in mind, you can also fairly easily decrypt a specific secure-string back to plaintext without even knowing the cryptography behind it. Just tmsh list the related configuration, grep the containing $M$ secure-string and create, for example, a new HTTP health-monitor containing the exported secure-string as password (via tmsh load sys config merge from-terminal). Attach the monitor to a node of your choice and then use tcpdump/wireshark to sniff the password (aka B64 credentials) on the wire...
Cheers, Kai
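An added example (not part of the post above and not F5 code): a structured version of the "list and grep for $M$" step that reports which configuration objects carry a master-key-encrypted value, which is also the set of objects that stop loading if the master key is lost. The sample text, object names and $M$ values are constructed, and the brace-delimited layout is assumed to match what tmsh list prints.

```python
import re

# Constructed sample in the brace-delimited style of tmsh list output.
# Object names and $M$ values are made up and do not decrypt to anything.
SAMPLE_CONFIG = """\
ltm monitor http mon_app1 {
    interval 5
    password $M$Xq$Y29uc3RydWN0ZWQtc2FtcGxlLTE=
    username probe
}
ltm pool pool_app1 {
    members {
        10.0.0.10:80 {
            address 10.0.0.10
        }
    }
    monitor mon_app1
}
sys file ssl-key app1.key {
    passphrase $M$7k$Y29uc3RydWN0ZWQtc2FtcGxlLTI=
}
"""

# An attribute line whose value is a secure string: "<attribute> $M$..."
SECURE = re.compile(r"^\s*(\S+)\s+(\$M\$\S+)\s*$")


def find_secure_strings(config_text):
    """Return (top_level_object, attribute, secure_string) for each $M$ value."""
    hits, stack = [], []
    for line in config_text.splitlines():
        stripped = line.strip()
        match = SECURE.match(line)
        if match and stack:
            # stack[0] is the outermost stanza, i.e. the object that owns the secret
            hits.append((stack[0], match.group(1), match.group(2)))
        elif stripped.endswith("{"):
            stack.append(stripped[:-1].strip())   # entering a stanza
        elif stripped == "}" and stack:
            stack.pop()                           # leaving a stanza
    return hits


if __name__ == "__main__":
    # Report object and attribute only; the encrypted value is not echoed.
    for obj, attr, _value in find_secure_strings(SAMPLE_CONFIG):
        print(f"{obj}: {attr} is encrypted with the master key")
```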
You helped me a lot too. Thanks!