F5 Automated Backups - The Right Way
Hi all,
Often I've been scouring the devcentral fora and codeshares to find that one piece of handywork that will drastically simplify my automated backup needs on F5 devices. Based on the wo...
Published Mar 12, 2014
Version 1.0
Thomas_Schocka1
Altocumulus
Altocumulus
Thomas_Schocka1Altocumulus
AltocumulusHi Gert,
Does it also work when you specify the private key file (which you upload manually, in unencrypted format, to the F5 first, for testing purposes only) on the commandline while doing an ssh command?
Steps:
1) copy contents of private key file to a file on the F5
2) run the command "ssh -i /path/to/private/key/file myusername@10.1.2.3"
If the SSH-server on 10.1.2.3 is configured to look for an authorized_keys file under the user's home directory, the file /home/myusername/.ssh/authorized_keys should contains, on a single line, the contents of the public key part (id_rsa.pub).
If you uploaded the corresponding private key part, and you specified on the command line where it it found, it should normally log you in without asking for a password. This tells you that your privatekey+publickey ssh authentication is working fine server-wise and for this keypair. This also tells you that the problem lies with the way the iApp tries to do it.
The iApp actually reads the field for the private key, which does not contain any newlines due to the field being a textbox and the private key being copied into it from your paste buffer. The iApp then puts newlines where needed, so the scp command has access to a "decent" private key file. It stores this under /config/, but it does so in encrypted format, using the F5 Unit Master Key as salt. You can decrypt this file as such, which should yield no error and give you a decent private key file:
sed -n '4,$p' /config/f5.automated_backup_scp.conf | openssl aes-256-ecb -salt -a -d -k $(f5mku -K)
Kind regards,
Thomas