Manual Chapter: Define SSH proxy password or keyboard interactive authentication
Applies To:
- 17.1.0, 17.0.0, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0
Define SSH proxy password or keyboard interactive authentication
Generate public/private RSA key pairs, then configure tunnel keys for password or keyboard interactive authentication to allow the SSH proxy to view tunnel traffic.
- On the BIG-IP system, type ssh-keygen. The system outputs:
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa):
- Hit the Enter key to save the file. The system outputs:
    /root/.ssh/id_rsa already exists.
    Overwrite (y/n)?
- Type y to save the file. The system prompts for a passphrase.
    Enter passphrase (empty for no passphrase):
- Leave the passphrase and confirm passphrase fields blank, and hit Enter. The system outputs something like the following example. The output will be different on your system:
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.
    The key fingerprint is:
    08:02:33:1a:8e:45:73:c0:eb:dc:fb:da:87:c5:2c:bf firstname.lastname@example.org
    The key's randomart image is:
    +--[ RSA 2048]----+
    |=o=.. |
    |+*.o |
    |o.... |
    | .. . . |
    | o . .oS |
    | o . . + |
    | . = |
    | ... o |
    | .oo.E. |
    +-----------------+
- Copy the key from id_rsa including the -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- headers and footers. This is your private key, which you will add to the SSH proxy configuration.
- On the Main tab, click. The Protocol Security: Security Profiles: SSH Proxy screen opens.
- Click the name of the SSH proxy profile to edit. The SSH Profile screen opens.
- Click the Key Management tab.
- Click Add New Auth Info.
- In the Enter Auth Info Name field, type a name for the authentication info settings.
- In the Real Server Auth Public Key field, paste the Host public key from your backend server. Make sure not to include the trailing comment. The Real Server Auth key must not be commented out in your SSHD configuration. To make sure, on your backend SSH server, locate the file /etc/ssh/sshd_config, and make sure the line HostKey /etc/ssh/ssh_host_rsa_key is not commented out.
- In the Proxy Server Auth Private Key field, add the private key that was generated on the BIG-IP system. Include the -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- headers and footers. Leave the Proxy Server Auth Public Key field blank because the SSH proxy generates the public key from the private key.
- When you are finished adding and editing rules, click Commit Changes to System.
The SSH proxy profile is saved to the system.
To use an SSH proxy profile with a virtual server, attach the profile to a virtual server.
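
The script below is an added example, not part of this manual or of the BIG-IP tooling. It checks the three values the steps above ask you to paste: the backend host public key without its trailing comment, an uncommented HostKey line in sshd_config, and a private key with the RSA PEM header and footer. The function names, the script name precheck.sh, the separate key file used in place of /root/.ssh/id_rsa, and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: checks for the values pasted into the Key Management tab.

# Generate the proxy key in its own file instead of overwriting /root/.ssh/id_rsa.
# -m PEM asks for the "BEGIN RSA PRIVATE KEY" format on OpenSSH builds that
# default to the newer private key format; -N "" sets an empty passphrase.
gen_proxy_key() {
    ssh-keygen -t rsa -b 2048 -m PEM -N "" -f "$1"
}

# Print the key type and base64 blob of a .pub file, dropping the trailing comment.
strip_key_comment() {
    awk 'NF >= 2 { print $1, $2; exit }' "$1"
}

# Succeed only if sshd_config has an uncommented HostKey line for the RSA host key.
rsa_hostkey_enabled() {
    awk 'tolower($1) == "hostkey" && $2 == "/etc/ssh/ssh_host_rsa_key" { ok = 1 }
         END { exit !ok }' "$1"
}

# Succeed only if the file starts and ends with the RSA PEM header and footer.
has_rsa_pem_markers() {
    [ "$(head -n 1 "$1")" = "-----BEGIN RSA PRIVATE KEY-----" ] &&
        [ "$(tail -n 1 "$1")" = "-----END RSA PRIVATE KEY-----" ]
}

# Constructed sample inputs (placeholders, not real keys) for trying the checks offline.
make_samples() {
    d=$(mktemp -d)
    printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED root@backend' > "$d/host.pub"
    printf '%s\n' '#HostKey /etc/ssh/ssh_host_rsa_key' > "$d/sshd_off"
    printf '%s\n' 'HostKey /etc/ssh/ssh_host_rsa_key' > "$d/sshd_on"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'CONSTRUCTED' \
        '-----END RSA PRIVATE KEY-----' > "$d/pem"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'CONSTRUCTED' \
        '-----END OPENSSH PRIVATE KEY-----' > "$d/openssh"
    echo "$d"
}

# Usage: sh precheck.sh <backend .pub> <backend sshd_config> <proxy private key>
if [ "$#" -eq 3 ]; then
    rsa_hostkey_enabled "$2" || echo "no active RSA HostKey line in $2" >&2
    has_rsa_pem_markers "$3" || echo "$3 lacks the RSA PEM header/footer" >&2
    strip_key_comment "$1"
fi
```

A private key file that begins with -----BEGIN OPENSSH PRIVATE KEY----- fails the header check, which is the case to catch before pasting into the Proxy Server Auth Private Key field.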