Manual Chapter :
Authenticate SSH
Proxy with the server private key
Applies To:
Show VersionsBIG-IP AFM
- 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0
Authenticate SSH
Proxy with the server private key
This task is optional and only applies if the SSH virtual
server IP address to which you attach the SSH Proxy profile has the same IP
address as the backend SSH server. Clients connect directly to the backend SSH
server address via the SSH proxy in the middle.
- On the Main tab, click.The Protocol Security: Security Profiles: SSH Proxy screen opens.
- Click the name of the SSH proxy profile to edit, or create a new one.The SSH Profile screen opens.
- Click theKey Managementtab.
- ClickAdd New Auth Info.
- In theEdit Auth Info Namefield, type a name for the authentication info settings.
- To edit an existing rule, click the name of the rule. For example, clickDefault Actionsto edit the default rule for a profile.
- To add a new rule, clickAdd New Rule. A new line is added to the list of rules. Add a name to the rule to begin editing.
- In theReal Server Auth Public Keyfield paste the Host public key from your backend server.The real server auth key must not be commented out in your sshd configuration. To make sure, on your backend SSH server, locate the fileetc/ssh/sshd_config, and make sure the lineHostKey /etc/ssh/ssh_host_rsa_keyis not commented out.
- Get the private key from the backend SSH server.For example, on the SSH backend server, at the following prompt, the admin uses the specified command to get the SSH server private key:admin@Ubuntu-VM3:~$sudo cat /etc/ssh/ssh_host_rsa_keyThe output of this command is the private key:-----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAs4kusmrz6RbkYyz/Yc0YhAXFYCw8p6FqjTLsAqzkRJEog6lq hUa8nRQhsumdVsMCbgzCMOYd7CLqrTqO/M3eqQWm16Y9EC1Mi7RsfNDnt7yJ6cMb xtv2F/Smho6H5GrGSfrTqqDnuULHJ1GK+yMOghLqNnQVSGci/6NSMk7w3y/Pslzu Lz82nZi9IL1dReen3kVbAhdB1K4VsHa0OgqSKV+mnLGNB2sq4Thj5lReKkc+3y8k hyeV0M+SClyUTRyRG18drYldU7kJYc/IDjKjKdiIkqsig3FE5NjstHz2JDQFj5Yn 6uxqZWJIrfORC+VAoLR3+fea6omzkCVhQAMxxQIDAQABAoIBAHTx2cIMGr7s022q hNtu3hY5MBz6E7RZV2+MCOGhPrtPFmXUt/cCYZ+r2luRApTeR7npg6CYdEs5X0Xh S/xuGShd7xSvSz07VI33w2b2KMms/OSQ24oIA2ANU194fhoSVwEfajrNvsMVNWZu HiqB5lRh/7/ik25rCAgemU79zraBdYC5FMzlMnl2TRrxlT0NjGtaniH+wpkZm1x6 S/evuvaJOYWhp8tarMQDcfPi0HNU4+agwRxrCcGNqei7nROTvXjVmsqxrcHGKCdF 4LdJyPJ6KYjtm0IcEYzKAFY3+haeX7ico3vRjSNSfMQwJbcJDMgoQpf44dFf9Jht fEIuHUECgYEA4nwySeehTVftHxg3iv1Azy6FGT5q4KwXktA4G3fMjUmjjDQ2NAx0 VxlSEOU5sH2au8b19s/rOPsPjvYBYRAp8s+JD5BVVnfiJ/pcK8d+ws9gB65V0c3X /ly3Gvz/He8B//CaaGCJOfzlmP4KKwfD3KzHw6+LJHEIdTHjQCMRnvUCgYEAyu60 WDEUpZf3dlOcfpTwaDdKtaHMOCQPH5LMD1vZAQdD1Gts20rEgDp8iKf/jXbo8/uA HfR5jz89AgDygIlWO15an710W8DrhCBYvRP44X9KcQeZlqJswDiOc5tRApunrac1 fEPaJ7OTdLElyA7GuZlIJVkgCLfyDodohewb5ZECgYBfLVwgzLNvglTGrXGh+h2D M4SBgEZ/1jIt40zA1k5izaBqKgLhSp6Vf7GKIhplPdOJt+njZ6rtDiySonUf6iAG xwpNPRVvuf+TV1Xmm/Z8PZOYhr3P5lYvsZzNPaakWK2Zde4dkPv6H3oJGjEBtkir 8vwcEyhBDzNDtMxQRqyABQKBgQCmSsVuH4oTyFv4kruC3vnB7M1D2bpHpwTdkqW1 UEabGSD0SLODX9l2WncCZOh9PBvZExcBdPzH7cJIig4uVlxbeg45KD7ZkVVtiDQv fNZNssmFpfyt+5uySKYzBet0f6kAHC0wD0oNjpIe5atYLQObw4fjUw11F4c7cKqu U7TogQKBgFUu0Q5FLxaNNV1p9hNTCU+KDGN/kIe5K+8aJ08TpYhTSFSzgV2k47av xCzTcSufjcZIpjNiGuwmT+spiwoPYqP+AdXKWWcxNfC4ahBfi7ROP6xSriCkzsYv ZFhMHDfIjDAGDFmHI5v9Gcjxt+iFLdiDV9Pzv1XFDKd5yfJNfmGd -----END RSA PRIVATE KEY-----
- Paste the private key into theProxy Server Auth Private Keyfield.
- ClickAdd.
- When you are finished adding and editing rules, clickCommit Changes to System.
The SSH proxy profile is saved to the system.
To use an SSH proxy profile with a virtual server,
attach the profile to a virtual server on the Properties page, in the
Configuration (Basic)
settings.