For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

kelkin_337742's avatar
kelkin_337742
Icon for Nimbostratus rankNimbostratus
Oct 16, 2017

TACAS & SSH Host Based Auth - Any way to make this happen?

From everything I've read, if you are using remote authentication such as TACAS or LDAP, and want to use SSH host based authentication, you just plain can't since local authentication is disabled exc...
BIG-IP
security
Leonardo_Souza's avatar
Leonardo_Souza
Icon for Cirrocumulus rankCirrocumulus
Oct 16, 2017

Using remote authentication for management, you can still create users. The system will create the user called Other External Users, that means any remote user. You can then create a new user, however, the password will come from the remote server.

Imagine that you want all remote users to have guest role, but some users to have administrator role. You setup the Other External Users to guest, and manually create any user that needs administrator role in the remote server and also in the F5.

For your problem, that means users with Linux access still exists, and they exist locally without a password. This should allow you setup the SSH and run the script you need. You will need to test to see if works. 😛

As an example the user test1 I created after setup the remote authentication.

[root@LABBIGIP1:Peer Time Out of Sync:Changes Pending] log  cat /etc/passwd | grep test1
test1:x:0:500:test1:/home/test1:/bin/bash
[root@LABBIGIP1:Peer Time Out of Sync:Changes Pending] log  cat /etc/shadow | grep test1
test1:!!:17455:0:99999:7:::