SSH-proxy and keyboard interactive authentication not working
I am trying to test the SSH proxy funtionality of AFM, but I am not succeeding at all. I am aiming for keyboard interactive authentication (username/password), but all I get is "Authentication failed." For my test-setup I have followed this to the letter: https://support.f5.com/kb/en-us/products/big-ip-afm/manuals/product/network-firewall-policies-implementations-12-1-0/13.print.html Section: Defining SSH proxy password or keyboard interactive authentication My setup goes: 10.128.1.1 --> 10.128.10.100 (VS with SSH-proxy profile) --> 10.128.10.128 (backend server) Directly SSH 10.128.1.1 ---> 10.128.10.128 work just fine If I goes through the virtuel Bigip on 10.128.10.100 I get: debug1: Host '10.128.10.100' is known and matches the RSA host key. debug1: Found key in /Users/testuser/.ssh/known_hosts:4 debug1: rekey after 4294967296 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: rekey after 4294967296 blocks debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,keyboard-interactive,password debug1: Next authentication method: publickey debug1: Trying private key: /Users/testuser/.ssh/id_rsa debug1: Trying private key: /Users/testuser/.ssh/id_dsa debug1: Trying private key: /Users/testuser/.ssh/id_ecdsa debug1: Trying private key: /Users/testuser/.ssh/id_ed25519 debug1: Next authentication method: keyboard-interactive Authentication failed. I have taken to public key from the backend server /etc/ssh/ssh_host_rsa_key.pub and placed a copy in "Real Server Auth Public Key" field. I have taken a private key generated on the virtual Bigip, using ssh-keygen, and placed a copy in "Proxy Server Auth Private key" field. I made sure that HostKey /etc/ssh/ssh_host_rsa_key is not commented out on the backend server. According to the article linked to above, it should now work, but it does not. Can anyone help me?