Forum Discussion

Karthik_Kumaran
Aug 15, 2014

Remote User group authentication (TACACS) and host-based authentication - LTM 11.4.1

Can remote user group authentication (through TACACS) and host-based authentication (auto ssh without password) both be configured simultaneously in the same LTM? We already have TACACS+ set up with Cisco ACE for our LTM 11.4.1HF4. But we are in need of an account which needs to do host-based authentication to a particular partition through ssh, and run some automated commands from a script. As remote user groups are configured, when I add a new user, I am not given an option to add a password for the users, but I thought that's fine, as I will be copying the ssh keys both ways to the authorized_keys file under the .ssh folder. Say I have partition 'test' and I have created a local user, test1, having access to that partition only (though without a password, as it does not prompt for one). Now I ssh'ed into the F5 with root credentials, created a new '.ssh' folder under /home/test/ and copied the authorized_keys file from /var/ssh/root/authorized_keys to /home/test/.ssh. Then I opened the vi editor to edit the authorized_keys under /home/test/.ssh and added the ssh dsa key from the server which runs the script into it. I did the same on the server side, adding the F5's ssh-rsa key that exists by default in the authorized_keys file to the server. Now I can ssh to the server with just the username, without a password. But not from the server to the F5; it still prompts for a password. But if I do the same for root (say I add the dsa key of the server into the authorized_keys file under /var/ssh/root), the root login works perfectly without any issues. But not for the other test1 user, which is restricted to partition 'test' only. Any other ways I can get this working?


2 Replies

  • Too many typos, please read this corrected version here.


    Can remote user group authentication (through TACACS) and host-based authentication (auto ssh without password) both be configured simultaneously in the same LTM? We already have TACACS+ set up with Cisco ACE for our LTM 11.4.1HF4. But we are in need of an account which needs to do host-based authentication to a particular partition through ssh, and run some automated commands from a script. As remote user groups are configured, when I add a new user, I am not given an option to add a password for the users, but I thought that's fine, as I will be copying the ssh keys both ways to the authorized_keys file under the .ssh folder. Say I have partition 'test' and I have created a local user, test1, having access to that partition only (though without a password, as it does not prompt for one). Now I ssh'ed into the F5 with root credentials, created a new '.ssh' folder under /home/test/ and copied the authorized_keys file from /var/ssh/root/authorized_keys to /home/test/.ssh. Then I opened the vi editor to edit the authorized_keys under /home/test/.ssh and added the ssh dsa key from the server which runs the script into it. I did the same on the server side, adding the F5's ssh-rsa key that exists by default in the authorized_keys file to the server. Now I can ssh to the server with just the username, without a password. But not from the server to the F5; it still prompts for a password. But if I do the same for root (say I add the dsa key of the server into the authorized_keys file under /var/ssh/root), the root login works perfectly without any issues (without asking for a password). But not for the other test1 user, which is restricted to partition 'test' only. Any other ways I can get this working?


  • Just to update the thread... I opened an SR with F5 support to check on this, and they confirmed that this is an unsupported configuration. Host-based authentication and remote user group authentication cannot go together.


    ID 409572 - SSH pub key auth combined with remote authentication can result in unexpected behavior
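The part of the question that a practitioner can check on any host is the authorized_keys content itself: the poster copied root's authorized_keys into the test1 account (which grants every key trusted by root to the restricted user) and added a DSA key for an automation script. The following validator is an added example, not code from the thread, from F5 or from OpenSSH; it assumes only the standard OpenSSH authorized_keys line syntax (optional options, key type, base64 blob, optional comment). It checks that each line parses, that the blob's embedded type matches the declared type, flags ssh-dss (disabled by default in OpenSSH 7.0 and later), and flags automation keys with no command= or restrict option. The sample keys and comments it builds are constructed for illustration.

```python
"""Validate OpenSSH authorized_keys entries before installing them for a
restricted automation account.  Added example; not F5 or OpenSSH code."""
import base64
import struct

KNOWN_TYPES = {"ssh-rsa", "ssh-ed25519", "ssh-dss", "ecdsa-sha2-nistp256",
               "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}
DEPRECATED_TYPES = {"ssh-dss"}          # off by default since OpenSSH 7.0
RESTRICTING_OPTIONS = ("command=", "restrict")


def _ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire 'string': uint32 big-endian length + data."""
    return struct.pack(">I", len(data)) + data


def make_sample_entry(keytype: str, raw_pub: bytes, comment: str = "",
                      options: str = "") -> str:
    """Build a constructed authorized_keys line for testing.  The blob is the
    real wire layout for ssh-ed25519 (type string + 32-byte key); for other
    types only the leading type string is meaningful here."""
    blob = _ssh_string(keytype.encode()) + _ssh_string(raw_pub)
    body = f"{keytype} {base64.b64encode(blob).decode()} {comment}".strip()
    return f"{options} {body}" if options else body


def split_entry(line: str):
    """Return (options, keytype, blob_b64, comment) or None.
    Options may precede the key type, so scan for the first key-type token
    instead of assuming a fixed column layout."""
    tokens = line.strip().split()
    for i, tok in enumerate(tokens):
        if tok in KNOWN_TYPES and i + 1 < len(tokens):
            return (" ".join(tokens[:i]), tok, tokens[i + 1],
                    " ".join(tokens[i + 2:]))
    return None


def check_entry(line: str) -> dict:
    """Return a findings dict for one authorized_keys line."""
    parts = split_entry(line)
    if parts is None:
        return {"ok": False, "keytype": None, "comment": "",
                "findings": ["unparseable line"]}
    options, keytype, blob_b64, comment = parts
    findings = []
    try:
        blob = base64.b64decode(blob_b64, validate=True)
    except ValueError:                  # binascii.Error is a ValueError
        blob = b""
        findings.append("key blob is not valid base64")
    # The first wire string inside the blob must repeat the declared type.
    n = struct.unpack(">I", blob[:4])[0] if len(blob) >= 4 else -1
    embedded = blob[4:4 + n] if 0 <= n <= len(blob) - 4 else b""
    if embedded.decode("ascii", "replace") != keytype:
        findings.append("declared key type does not match key blob")
    if keytype in DEPRECATED_TYPES:
        findings.append("ssh-dss is disabled by default in modern OpenSSH")
    if not any(opt in options for opt in RESTRICTING_OPTIONS):
        findings.append("automation key has no command= or restrict option")
    return {"ok": not findings, "keytype": keytype, "comment": comment,
            "findings": findings}


def check_file(text: str) -> list:
    """Check every non-blank, non-comment line; returns [(lineno, result)]."""
    results = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        results.append((lineno, check_entry(line)))
    return results


if __name__ == "__main__":
    # Constructed sample file: one restricted ed25519 key, one DSA key.
    sample = "\n".join([
        "# keys for the automation account",
        make_sample_entry("ssh-ed25519", bytes(range(32)), "script@server",
                          'command="/usr/local/bin/pull_stats.sh",restrict'),
        make_sample_entry("ssh-dss", b"\x00" * 8, "old@server"),
    ])
    for lineno, res in check_file(sample):
        print(lineno, res["keytype"], res["comment"], res["findings"])
```

Run it against the file you are about to install (for example `python3 check_keys.py < authorized_keys` after swapping the constructed sample for `sys.stdin.read()`); any entry whose findings list is not empty deserves a second look before it is placed under a restricted user's ~/.ssh.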