I believe one of the issues is that your keys are missing the header and footer information.
-----BEGIN RSA PRIVATE KEY----- <==
(key text) <==
-----END RSA PRIVATE KEY----- <==
In any case, the following steps produce a working system in my lab:
CLIENT:
1. Generate a new RSA key pair on the client (ssh-keygen)
BIGIP
1. Create a new RSA pair public/private key in BigIP using:
ssh-keygen
-
Create a new ssh proxy profile with default actions (allow). Under the key management:
a. Add BigIP RSA keys in Proxy Client Auth.
Note we delete comment in public key and we add header and footer in private key.
Public Key:
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuv0xrDHO/Hk+oF5qIQyg/1qoUm2uSnZ7Wyca1IrpmXELEITmtCZevPfkX20Yebuubl7W4f5eisHa0mvy4Gb/WuUbXmTkt7TRaKgJPwARuYDphtoZM6GrIukkSrJRqbZlZ+tbHL5lrGdAfIxTlGLxzu+LKxhJo8Ldn+oBw8KZp1MqJjYiFiDocymSY/sHrEaLxUHZRCOANsVQfzo8yBWGl5V4jJB9ZeqOabApLNBd1wf0bGQoL+YI++44rYTm3gS7oNVVHDOYJYBBIpmUFk70TcedqAAXRXVKRFtYsd50iQazwck/pDn40iq7l1VPeHh3KD70d5VLpDTNF9hC9KH3kQ==
Private key:
-----BEGIN RSA PRIVATE KEY-----
MIIEoQIBAAKCAQEAuv0xrDHO/Hk+oF5qIQyg/1qoUm2uSnZ7Wyca1IrpmXELEITm
tCZevPfkX20Yebuubl7W4f5eisHa0mvy4Gb/WuUbXmTkt7TRaKgJPwARuYDphtoZ
M6GrIukkSrJRqbZlZ+tbHL5lrGdAfIxTlGLxzu+LKxhJo8Ldn+oBw8KZp1MqJjYi
FiDocymSY/sHrEaLxUHZRCOANsVQfzo8yBWGl5V4jJB9ZeqOabApLNBd1wf0bGQo
L+YI++44rYTm3gS7oNVVHDOYJYBBIpmUFk70TcedqAAXRXVKRFtYsd50iQazwck/
pDn40iq7l1VPeHh3KD70d5VLpDTNF9hC9KH3kQIBIwKCAQACq9h7JUhxUjBwAVlJ
nXADpd3VSrWwm0rns8I2PH+uE+aO3VPAvrg15ki/iN9vdA12mvRw8VkfPUicmyRi
Sp0/eE0w5C8nMiA/qqEL3xYyMWJr+80o91aPIJZ2GH2CbKmtXspxyDSnCMoQaGeY
EArEyOhjW8aJp1rv/6+RbNZPMLTb6zcKngiUk/Rs324QYDGqXiDkGRjahrMKF4sH
ERPtLJzI6Qc5ybmKu/VEMlWIt+sOAoNnJOQ76+H/u6TuTFrKy3q0jR2wJ9A4oPXZ
SgGjNCiMTV9ZYLn1FgURgcknQgzE5tmyRUPoPFoMczXS8VpFKLXgOmFNabUnWjRN
qRfrAoGBAOTC8BECIso5+dul4layUHN1xcyVd1kU4Gs4HP8SeRV4VNSsjJWqccIJ
vAyaSPmW1q80rUbWMQtXKGHrGyxld1Yu4uDreVednFqgLCCdvumDA+Bp4Z83hA+U
5Zwddm7x/5bsNdrWXW2oFnl1puEvT3K9NSgz84+DZLZlhXmQHU3JAoGBANFA9QQs
x8WYuuD5AJh/qIO5vw5Pz1thD/CErTnG8P5FDcTwS+3uUBBwjwvsxADd5v9jBvMl
npVCRgrVGqFPrJH+TubSJCJdAPcGajoOU5gqgKbg9mWdfmGrcFnK6wTa957+c94O
6/mpk6K6LbabKlWB6BDzqyD16I3vqHwoSB+JAoGBAN45tgHk0Va7+giShBm0iKqs
7AiRMhwFps6OSA26LHtBsX4j9kg/LK3dkhrfBQ+3GbGDoQL79SD1lPFoC8S6Vqt+
APfALLuDKiwmkURBd6EC7dKv/789PnWJVBP/XRtRe/GyQvHXjfV+tr8h1U/HjwG/
HbIGlNSORJPtl5qpQQm7AoGAa52/1kLqZZ8BBfxmtNPwQ76cxYghf3O/DfsXQkkO
OZ/bMhUuXRt5og4AbIhkzT7r08yHOzfrKDC2Tra9PQRnYQZxuIlUaXGouY5FQm3E
l2ZQytoYUYQyXh2nfqLfRFNaxswBEx2d7hyyU7A0xE/MoQD7AWdfUsecK70U0iNY
SrsCgYBLJKEp7vxt1Xr4VgJm0EiqQc4fdbTuL6TNT6Cr86WjR6kJ63ixpYDJ7Qp+
RRUZugumO8/YyjB/csYSMcuw+/nVpwXBk6SHiL2MWG9bsW5MBc7DBomXr5S/UXKu
H8PSW0AgehbQ0v4QtmpsEwiyk+6R5sHCQhSJGw1uU2pYd6YoFg==
-----END RSA PRIVATE KEY-----
b. Add client RSA private key (/root/.ssh/id_rsa) in Proxy Server Auth > Private Key
c. Add server RSA public key (/etc/ssh/ssh_host_rsa_key.pub) in Real Server Auth
d. Generate a new RSA key pair in client (ssh-keygen)
- Create the pool member with SSH server
- Create virtual server and add this pool member and set the SSH proxy profile
SERVER:
1. Confirm configuration of Authorized keys in sshd_config:
[...]
AuthorizedKeysFile /etc/ssh/authorized_keys
AuthorizedKeysFile /root/.ssh/authorized_keys
[...]
-
Add BigIP and client's RSA public keys in /etc/ssh/authorized_keys:
- Copy Client created in step 1.d public key (/root/.ssh/id_rsa.pub) in /etc/ssh/authorized_keys
- Copy BigIP public key (/root/.ssh/id_rsa.pub) in /etc/ssh/authorized_keys
Authorized_keys file example:
cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfLCZVQpBwBJ1vlZphNBul+GPr5EVgD2PvMolcoCd6D0XVeZ37Y0G/pLVyIS9Qy9nfBL1m4sLHS1RaZJQhu4gxHhlyCypg3ZO7xSI/9L36ZEBSgB4915BZgkVAiVWBB0m5JzVS7apjwe51oxuQv9VSQgHCAX4QNjLkPYy9B6ihdi7tEJ+mAp0Cjo9RBVCziH2si034AW56KpGPHDAVammt9D2fJY8xFrOQWMJedLw+nCknLQQ6ecgHsf+LrQkxb4JMNVUyZY81dVCOITm6K4eIQYeOpIGuIbmGqaIfJUDNiPEE7toK3NT40ojPltCbWAtwYl1OJ5oJIVrrwVzdJdax root@client2
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuv0xrDHO/Hk+oF5qIQyg/1qoUm2uSnZ7Wyca1IrpmXELEITmtCZevPfkX20Yebuubl7W4f5eisHa0mvy4Gb/WuUbXmTkt7TRaKgJPwARuYDphtoZM6GrIukkSrJRqbZlZ+tbHL5lrGdAfIxTlGLxzu+LKxhJo8Ldn+oBw8KZp1MqJjYiFiDocymSY/sHrEaLxUHZRCOANsVQfzo8yBWGl5V4jJB9ZeqOabApLNBd1wf0bGQoL+YI++44rYTm3gS7oNVVHDOYJYBBIpmUFk70TcedqAAXRXVKRFtYsd50iQazwck/pDn40iq7l1VPeHh3KD70d5VLpDTNF9hC9KH3kQ== root@bigip1.org