For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

soymanue's avatar
soymanue
Icon for Nimbostratus rankNimbostratus
16 years ago

v10 Passwordless Authentication (RSA Cert)

Hello,   I'm trying to enable passwordless ssh/scp access to a v.10 LTM.   I've followed the same procedure I had for v.9, which used to work (generate a RSA key, export pub key, modify au...
management
monitoring
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
16 years ago
Hi Manuel,

 

 

For testing, it's fine to edit the sshd_config. There's a possibility that the change will get overwritten during a config reload though.

 

 

The new way to modify the daemon configuration in 9.4.2+/10.x is to use the bpsh to customise the /config/bigip_sys.conf file.

 

 

LTM 9.4.2+: Custom Syslog Configuration

 

http://devcentral.f5.com/Default.aspx?tabid=63&articleType=ArticleView&articleId=155

 

 

 

From ismith"

 

 

This is also a template for all system daemons controlled by SCF, so you can modify, for example, sshd to permit publick key authorization with an sshd.inc file like this:

 

 

sshd include "

 

PubkeyAuthentication yes

 

AuthorizedKeysFile /config/ssh/authorized_keys

 

"

 

 

 

 

So if you create a file called my_sshd.inc containing the four lines above, you can run 'bpsh < my_sshd.inc' and then 'b save all' to add the sshd configuration options to the bigip_sys.conf file.

 

 

Aaron