SSH auth via key not working after installing 13.1.5 HF 20 and LogLevel can't be increased

silentbob
Nimbostratus

Hi guys,

I am struggling with an issue on the BigIP after installing the Hotfix 20.

I am not able to log in via ssh using key authentication.

I can log in via password.

Figuring out what is going wrong is hard without any useful logging.

So I changed the LogLevel in

/var/run/config/sshd_config

LogLevel DEBUG3

and did a 

service sshd restart

also an 

bigstart restart sshd

both said restart OK, but still only successful logins get logged.

So I tried

tmsh modify /sys sshd log-level debug3

Restarted sshd again, and again no change in the logs.

Can anyone tell me why the LogLevel increase has no effect, or maybe tell me if the HF 20 changed something in handling ssh keys on the BigIP?

Any help is appreciated

4 REPLIES

whisperer
Nacreous

You may have a broken symlink. "a BIG-IP upgrade causes the symlink to point to a nonexistent file" Please see the following article:

https://my.f5.com/manage/s/article/K13454

This issue occurs during a software update.

M_Saeed
Cirrus

Hello,

I'm not sure if such an old proposed workaround will help to fix it. https://my.f5.com/manage/s/article/K17318

Could you check and update if it would help?

 

Such things have always been an issue. If you customize an F5 outside of the GUI or TMSH commands, you may lose certain customizations between upgrades.

Also, let's be serious here. I'm not going to test the recreation of a symlink. This would take you 10 seconds to implement and test. If you want someone else to truly perform offline testing, and replicate your use case, you would need to provide UCS backups and such. That is all professional services. Of course, you can always submit an F5 support case ticket.

silentbob
Nimbostratus

Hi,

Got it fixed last week. It was 2 things.

It was a link issue, but sadly, through another coincidence, it was not fixing it. So I thought this is not the fix.

They removed the support of DSA ssh keys (which is good and completely fine).

If increasing the LogLevel would work, this would be easy to find, but this way it took me a lot of time.

Now, using secure keys, it's working again.

But thx for your answers guys
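
The second cause named in the last post (DSA keys no longer accepted) can be checked without any sshd debug logging by listing the `ssh-dss` entries in an `authorized_keys` file. This is an added example, not part of the original posts and not F5 tooling; the file path is passed as an argument because the thread does not name it, and the sample key blobs are constructed placeholders.

```shell
#!/bin/sh
# Added example: list DSA (ssh-dss) entries in an authorized_keys file.

# Constructed sample; the key blobs are placeholders, not real keys.
sample_keys() {
    cat <<'EOF'
# admin workstation
ssh-dss AAAAB3NzaC1kc3MAAACBAPLACEHOLDER admin@old-laptop
from="10.0.0.0/8",no-pty ssh-dss AAAAB3NzaC1kc3MAAACBAPLACEHOLDER backup@jump
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER admin@new-laptop
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQPLACEHOLDER deploy@ci
EOF
}

# audit_authorized_keys FILE
# Prints "<line> ssh-dss <comment>" for every DSA entry.
# Returns 0 if none found, 1 if at least one found, 2 if FILE is unreadable.
audit_authorized_keys() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    awk '
        /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
        {
            # Options such as from="..." may precede the key type, so take
            # the first field that is a known public-key type.
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^(ssh-(dss|rsa|ed25519)|ecdsa-sha2-nistp(256|384|521))$/) {
                    if ($i == "ssh-dss") {
                        print NR, $i, (i + 2 <= NF ? $(i + 2) : "-")
                        found = 1
                    }
                    break
                }
            }
        }
        END { exit (found + 0) }
    ' "$1"
}

# Demo on the constructed sample; prints lines 2 and 3.
tmp=$(mktemp)
sample_keys > "$tmp"
audit_authorized_keys "$tmp" || echo "DSA entries found: these keys need replacing"
rm -f "$tmp"
```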