Forum Discussion

soymanue's avatar
soymanue
Icon for Nimbostratus rankNimbostratus
Feb 03, 2010

v10 Passwordless Authentication (RSA Cert)

Hello,

 

I'm trying to enable passwordless ssh/scp access to a v.10 LTM.

 

I've followed the same procedure I had for v.9, which used to work (generate a RSA key, export pub key, modify authorized_keys file, etc...)

 

But it doesn't work.

 

I've checked the sshd_config file. These lines are commented, and maybe they should't:

 

RSAAuthentication yes

 

PubkeyAuthentication yes

 

AuthorizedKeysFile .ssh/authorized_keys

 

 

 

I haven't tried it because at the beginning of the file it says:

 

 

THIS IS AN AUTO-GENERATED FILE -- DO NOT EDIT!!!

 

 

 

Any help??

 

 

Thank you in advance
management
monitoring

1 Reply

  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Feb 05, 2010
    Hi Manuel,

     

     

    For testing, it's fine to edit the sshd_config. There's a possibility that the change will get overwritten during a config reload though.

     

     

    The new way to modify the daemon configuration in 9.4.2+/10.x is to use the bpsh to customise the /config/bigip_sys.conf file.

     

     

    LTM 9.4.2+: Custom Syslog Configuration

     

    http://devcentral.f5.com/Default.aspx?tabid=63&articleType=ArticleView&articleId=155

     

     

     

    From ismith"

     

     

    This is also a template for all system daemons controlled by SCF, so you can modify, for example, sshd to permit publick key authorization with an sshd.inc file like this:

     

     

    sshd include "

     

    PubkeyAuthentication yes

     

    AuthorizedKeysFile /config/ssh/authorized_keys

     

    "

     

     

     

     

    So if you create a file called my_sshd.inc containing the four lines above, you can run 'bpsh < my_sshd.inc' and then 'b save all' to add the sshd configuration options to the bigip_sys.conf file.

     

     

    Aaron