F5 Logo MyF5
Search
  1. MyF5 Home
  2. BIG-IP AFM: Network Firewall Policies and Implementations
  3. Protocol Security
  4. SSH Protocol Security
  5. Authenticate SSH proxy traffic
  6. Define SSH proxy password or keyboard interactive authentication
Manual Chapter : Define SSH proxy password or keyboard interactive authentication

Applies To:

Show Versions Show Versions

BIG-IP AFM

  • 17.5.0, 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0
Manual Chapter

Define SSH proxy password or keyboard interactive authentication

Generate public/private RSA key pairs, then configure tunnel keys for password or keyboard interactive authentication to allow the SSH proxy to view tunnel traffic.
  1. On the BIG-IP system, type
    ssh-keygen
    .
    The system outputs:
    Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa):
  2. Hit the
    Enter
     key to save the file.
    The system outputs:
    /root/.ssh/id_rsa already exists. Overwrite (y/n)?
  3. Type
    y
     to save the file.
    The system prompts for a passphrase.
    Enter passphrase (empty for no passphrase):
  4. Leave the passphrase and confirm passphrase fields blank, and hit
    Enter
    .
    The system outputs something like the following example. The output will be different on your system:
    Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
08:02:33:1a:8e:45:73:c0:eb:dc:fb:da:87:c5:2c:bf root@localhost.localdomain
The key's randomart image is:
+--[ RSA 2048]----+
|=o=..            |
|+*.o             |
|o....            |
|  .. . .         |
| o .  .oS        |
|  o . . +        |
|     . =         |
|    ... o        |
|    .oo.E.       |
+-----------------+
  5. Copy the key from
    id_rsa
     including the
    -----BEGIN RSA PRIVATE KEY-----
     and
    -----END RSA PRIVATE KEY-----
     headers and footers.
    This is your private key, which you will add to the SSH proxy configuration.
  6. On the Main tab, click
    Security
    Protocol Security
    Security Profiles
    SSH Proxy
    .
    The Protocol Security: Security Profiles: SSH Proxy screen opens.
  7. Click the name of the SSH proxy profile to edit.
    The SSH Profile screen opens.
  8. Click the
    Key Management
     tab.
  9. Click
    Add New Auth Info
    .
  10. In the
    Enter Auth Info Name
     field, type a name for the authentication info settings.
  11. In the
    Real Server Auth Public Key
     field, paste the Host public key from your backend server.
    Make sure not to include the trailing comment.
    The Real Server Auth key must not be commented out in your SSHD configuration. To make sure, on your backend SSH server, locate the file
    /etc/ssh/sshd_config
    , and make sure the line
    HostKey /etc/ssh/ssh_host_rsa_key
     is not commented out.
  12. In the
    Proxy Server Auth Private Key
     field, add the private key that was generated on the BIG-IP system.
    Include the
    -----BEGIN RSA PRIVATE KEY-----
     and
    -----END RSA PRIVATE KEY-----
     headers and footers.
    Leave the
    Proxy Server Auth Public Key
     field blank because the SSH proxy generates the public key from the private key.
  13. Click
    Add
    .
  14. When you are finished adding and editing rules, click
    Commit Changes to System
    .
The SSH proxy profile is saved to the system.
To use an SSH proxy profile with a virtual server, attach the profile to a virtual server.
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information