For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Brian_Gibson_30's avatar
Brian_Gibson_30
Icon for Nimbostratus rankNimbostratus
Feb 12, 2019

Unable to use SSH keys with TACACS configured.

Hi,   I'm trying to set up remote SSH authorization using SSH keys. However it seems that I have some sort of conflict because we are using TACACS.   TACACS maps remote users to root. I...
BIG-IP
devops
LTM
jaikumar_f5's avatar
jaikumar_f5
Icon for Noctilucent rankNoctilucent
Feb 12, 2019

Hi Brian,

TACACS does not provide direct shell access - bash mode. For a ssh keyless login to work, it require to land in shell mode - bash. Only local user accounts land in direct bash. Remote roles always land in tmsh shell. One has to run 'bash or run until bash' from tmsh to get into bash.

With that being said, you can't configure a TACACS user to do keyless login. You would need to create a local user account, like root an admin accounts. They authenticate locally on the box.

Let's say for ansible you have created an account - ansibleops.

Do you see ansibleops in the auth user list and localuser file.

tmsh list auth user ansibleops

cat /config/bigip/auth/localusers

If tmsh list shows ur ansibleops, and localuser doesn't. You have to add ur ansibleops in that file.