Forum Discussion

Toefer_133125's avatar
Toefer_133125
Icon for Nimbostratus rankNimbostratus
Sep 10, 2013

What is "Host Processor Superuser" in /var/ssh/root/authorized_keys?

I am currently using 11.3.0. When looking at the authorized_keys file for root, I found an SSH key for Host Processor Superuser. What is this for and is it okay to remove it?

 

  • I am currently using 11.3.0. When looking at the authorized_keys file for root, I found an SSH key for Host Processor Superuser. What is this for and is it okay to remove it?

     

    as far as i know, Linux host on the BIG-IP is the Host Processor. The Host Processor Superuser is used by the LCD panel to allow limited configuration access of the management port without having to log into console port or management interface.

     

    So basically, it will be needed by your box as long as you want to config your box with LCD panel.

     

    correct me if i wrong.

     

  • I am currently using 11.3.0. When looking at the authorized_keys file for root, I found an SSH key for Host Processor Superuser. What is this for and is it okay to remove it?

     

    as far as i know, Linux host on the BIG-IP is the Host Processor. The Host Processor Superuser is used by the LCD panel to allow limited configuration access of the management port without having to log into console port or management interface.

     

    So basically, it will be needed by your box as long as you want to config your box with LCD panel.

     

    correct me if i wrong.

     

    • brad_11480's avatar
      brad_11480
      Icon for Nimbostratus rankNimbostratus

      I removed this entry from the authorized_keys file for root.. I don't use the LCD panel (don't even have it hooked up). So it appears this is no problem/issue to not have it there..

       

    • TheGrave's avatar
      TheGrave
      Icon for Nimbostratus rankNimbostratus

      I'm correcting you - this can't be it. This key is present on VMs as well.

      I'll tell you what it is and you're not gonna like it - it's a backdoor left by stupid F5 engineers. They have a DB with private keys mapped to every serial number which they can use for logging in emergency (or not so emergency) situations. Checkpoint used a similar backdoor by logging in with localhost username on devices without being provided any credentials for it. Username was stored in /etc/passwd and /etc/shadow only and is not visible to the end customer who doesn't have access to these files. Every story I heard like this ends up in massive abuse/formatting/installation of ransomware and what not. Read about the recent QNAP screw up.