What is "Host Processor Superuser" in /var/ssh/root/authorized_keys?

Question

I am currently using 11.3.0.  When looking at the authorized_keys file for root, I found an SSH key for Host Processor Superuser.  What is this for and is it okay to remove it?&nbsp;

syafiq_89483 · Accepted Answer

I am currently using 11.3.0. When looking at the authorized_keys file for root, I found an SSH key for Host Processor Superuser. What is this for and is it okay to remove it?&nbsp;

as far as i know, Linux host on the BIG-IP is the Host Processor. The Host Processor Superuser is used by the LCD panel to allow limited configuration access of the management port without having to log into console port or management interface. &nbsp;
So basically, it will be needed by your box as long as you want to config your box with LCD panel.&nbsp;
correct me if i wrong.&nbsp;

brad_11480 · Answer

I removed this entry from the authorized_keys file for root.. I don't use the LCD panel (don't even have it hooked up).   So it appears this is no problem/issue to not have it there.. &nbsp;

thegrave · Answer

I'm correcting you - this can't be it. This key is present on VMs as well.

I'll tell you what it is and you're not gonna like it - it's a backdoor left by stupid F5 engineers. They have a DB with private keys mapped to every serial number which they can use for logging in emergency (or not so emergency) situations. Checkpoint used a similar backdoor by logging in with localhost username on devices without being provided any credentials for it. Username was stored in /etc/passwd and /etc/shadow only and is not visible to the end customer who doesn't have access to these files. Every story I heard like this ends up in massive abuse/formatting/installation of ransomware and what not. Read about the recent QNAP screw up.

Forum Discussion

What is "Host Processor Superuser" in /var/ssh/root/authorized_keys?

3 Replies

Recent Discussions

About custome Response Blocking Page

About IPI check ip list

Cookie Violation - Expired TimeStamp.

Disacard SSL::cert mode to ignore when default SSLClient profile is set to request or require

CGNAT with DS-lite and LSN

Related Content

iRules Can't call after responding - ERR_NOT_SUPPORTED (line 1) invoked from within "HTTP::host"

Does the "Static Hosts" feature work for IOS VPN clients?

If "Add Valid Host Name" violation is detected, should I accept or delete it. Sufficient sample request and score level is 100.

HTTP monitor send string about "host"

Can't call after responding - ERR_NOT_SUPPORTED invoked from within "HTTP::host"