Forum Discussion
soymanue
Nimbostratus
Nimbostratusv10 Passwordless Authentication (RSA Cert)
Hello,
I'm trying to enable passwordless ssh/scp access to a v.10 LTM.
I've followed the same procedure I had for v.9, which used to work (generate a RSA key, export pub key, modify authorized_keys file, etc...)
But it doesn't work.
I've checked the sshd_config file. These lines are commented, and maybe they should't:
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
I haven't tried it because at the beginning of the file it says:
THIS IS AN AUTO-GENERATED FILE -- DO NOT EDIT!!!
Any help??
Thank you in advance
1 Reply
hoolioCirrostratus
Hi Manuel,
For testing, it's fine to edit the sshd_config. There's a possibility that the change will get overwritten during a config reload though.
The new way to modify the daemon configuration in 9.4.2+/10.x is to use the bpsh to customise the /config/bigip_sys.conf file.
LTM 9.4.2+: Custom Syslog Configuration
http://devcentral.f5.com/Default.aspx?tabid=63&articleType=ArticleView&articleId=155
From ismith"
This is also a template for all system daemons controlled by SCF, so you can modify, for example, sshd to permit publick key authorization with an sshd.inc file like this:
sshd include "
PubkeyAuthentication yes
AuthorizedKeysFile /config/ssh/authorized_keys
"
So if you create a file called my_sshd.inc containing the four lines above, you can run 'bpsh < my_sshd.inc' and then 'b save all' to add the sshd configuration options to the bigip_sys.conf file.
Aaron
