F5 Automated Backups - The Right Way
Hi all,
Often I've been scouring the devcentral fora and codeshares to find that one piece of handywork that will drastically simplify my automated backup needs on F5 devices. Based on the wo...
Published Mar 13, 2014
Version 1.0
Thomas_Schocka1
Altocumulus
Joined May 04, 2012
Thomas_Schocka1
Mar 24, 2014
Altocumulus
Hi Gert,
Does it also work when you specify the private key file (which you upload manually, in unencrypted format, to the F5 first, for testing purposes only) on the command line while doing an ssh command?
Steps:
1) copy contents of private key file to a file on the F5
2) run the command "ssh -i /path/to/private/key/file myusername@10.1.2.3"
If the SSH-server on 10.1.2.3 is configured to look for an authorized_keys file under the user's home directory, the file /home/myusername/.ssh/authorized_keys should contain, on a single line, the contents of the public key part (id_rsa.pub).
If you uploaded the corresponding private key part, and you specified on the command line where it is found, it should normally log you in without asking for a password. This tells you that your privatekey+publickey ssh authentication is working fine server-wise and for this keypair. This also tells you that the problem lies with the way the iApp tries to do it.
The iApp actually reads the field for the private key, which does not contain any newlines due to the field being a textbox and the private key being copied into it from your paste buffer. The iApp then puts newlines where needed, so the scp command has access to a "decent" private key file. It stores this under /config/, but it does so in encrypted format, using the F5 Unit Master Key as salt. You can decrypt this file as such, which should yield no error and give you a decent private key file:
sed -n '4,$p' /config/f5.automated_backup_scp.conf | openssl aes-256-ecb -salt -a -d -k $(f5mku -K)
Kind regards,
Thomas
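The reply above says the iApp has to put the newlines back into a private key that was pasted into a single-line text field. The sketch below is an added example of that re-wrapping step, not the iApp's own code and not part of the original post; the function name `rewrap_pem` and the sample input are assumptions, and the sample body is constructed filler rather than a real key.

```shell
#!/bin/sh
# Added example (not the iApp's code). rewrap_pem is a hypothetical helper.
# Rebuilds a PEM key that lost its line breaks, e.g. after being pasted
# into a single-line text field.

rewrap_pem() {
    # $1: flattened key; original newlines are now spaces or gone entirely
    flat=$(printf '%s' "$1" | tr '\r\n\t' '   ')

    header=$(printf '%s\n' "$flat" | sed -n 's/.*\(-----BEGIN [A-Z0-9 ]*-----\).*/\1/p')
    footer=$(printf '%s\n' "$flat" | sed -n 's/.*\(-----END [A-Z0-9 ]*-----\).*/\1/p')
    if [ -z "$header" ] || [ -z "$footer" ]; then
        echo "rewrap_pem: BEGIN/END marker missing" >&2
        return 1
    fi
    # The two markers must name the same key type
    if [ "${header#-----BEGIN }" != "${footer#-----END }" ]; then
        echo "rewrap_pem: BEGIN/END labels differ" >&2
        return 1
    fi

    # Keep only what sits between the markers, then drop all whitespace
    body=${flat#*"$header"}
    body=${body%"$footer"*}
    body=$(printf '%s' "$body" | tr -d ' ')

    # Refuse anything that is not plain base64. This also rejects
    # passphrase-protected legacy keys, whose "Proc-Type:"/"DEK-Info:"
    # header lines cannot be recovered once the line breaks are lost.
    case $body in
        ''|*[!A-Za-z0-9+/=]*)
            echo "rewrap_pem: body is empty or not base64" >&2
            return 1 ;;
    esac

    printf '%s\n' "$header"
    printf '%s\n' "$body" | fold -w 64   # 64 characters per line, as in RFC 7468
    printf '%s\n' "$footer"
}

# Constructed sample: 160 base64 characters of filler, NOT a real key
SAMPLE_BODY=$(awk 'BEGIN { for (i = 0; i < 40; i++) printf "QUJD" }')
SAMPLE_FLAT="-----BEGIN RSA PRIVATE KEY----- $SAMPLE_BODY -----END RSA PRIVATE KEY-----"

# When writing a real key to disk, restrict permissions first (umask 077)
rewrap_pem "$SAMPLE_FLAT"
```

A real key rebuilt this way can be checked with `ssh-keygen -y -f <file>`, which prints the matching public key for comparison with the authorized_keys entry.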