SSH proxy not working

Question

Hi All, &nbsp;I used this instructions: https://techdocs.f5.com/kb/en-us/products/big-ip-afm/manuals/product/network-firewall-policies-implementations-12-1-0/13.html to configure ssh proxy, but without success. &nbsp;How it works:&nbsp;Putty show me login, but after I write there some login, it give me error message: Network error: Software caused connection abort.Logs on F5 show me this: ssh_serverside_auth_fail Real server public key" in the configuration does not match the private key of the backend server", &nbsp;I have already checked public key from backend server. &nbsp;I want only authentication via username and password via ssh proxy.&nbsp;Thank you

dmitry · Accepted Answer

Your public key have to look like:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCziS6yavPpFuRjLP9hzRiEBcVgLDynoWqNMuwCrOREkSiDqWqFRrydFCGy6Z1WwwJuDMIw5h3sIuqtOo78zd6pBabXpj0QLUyLtGx80Oe3vInpwxvG2/YX9KaGjofkasZJ+tOqoOe5QscnUYr7Iw6CEuo2dBVIZyL/o1IyTvDfL8+yXO4vPzadmL0gvV1F56feRVsCF0HUrhWwdrQ6CpIpX6acsY0HayrhOGPmVF4qRz7fLySHJ5XQz5IKXJRNHJEbXx2tiV1TuQlhz8gOMqMp2IiSqyKDcUTk2Oy0fPYkNAWPlifq7GplYkit85EL5UCgtHf595rqibOQJWFAAzHF&nbsp;&nbsp;It have to be one long string, without any newlines. And without "email" at the end of the string.&nbsp;If all correct you can try to find HostKey directives on your backend ssh server config and comment out all except the rsa, like this:HostKey /etc/ssh/ssh_host_rsa_key#HostKey /etc/ssh/ssh_host_ed25519_key&nbsp;

boneyard · Answer

i assume access works without the F5 SSH proxy?

which part of that manual did you follow, the part at: "Defining SSH proxy password or keyboard interactive authentication"?

you follow all the information mentioned there?

f5beginner · Answer

Hi boneyard, &nbsp;I guess yes.I started with this:&nbsp;Proxying SSH traffic with an SSH Proxy profile - finished with 11 step.Creating an SSH virtual server with SSH proxy security- finished with 8. stepAttaching an SSH proxy security profile to an existing virtual server- finsihed with 4. step.Defining SSH proxy password or keyboard interactive authentication - finished with 9. step.&nbsp;From backend server I use public key from root/.ssh/id_rsa.pub and copy it without email addres, which was  on the end of text, to F5 Real Server Auth Public key.&nbsp;Thank you&nbsp;&nbsp;

dmitry · Answer

You have to use /etc/ssh/ssh_host_rsa_key.pub instead of root/.ssh/id_rsa.pub.

And as it written in docs to v.15 - Make sure not to include the trailing comment.

I did it and now I not receiving this error message in log but I'm still cant connect - after I'm entered the password it hangs up and then closed -_-

f5beginner · Answer

Hi Dimitry, &nbsp;I have already tried to change public key with this: /etc/ssh/ssh_host_rsa_key.pub but still same, should I restart some process maybe ?&nbsp;Thank  you

dmitry · Answer

Generally not, you only need to commit.Do you still get the same error in log ?&nbsp;After I inserted the correct&nbsp;public key I got nothing in log so my troubles seems to be related with PAM.

Forum Discussion

SSH proxy not working

12 Replies

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Port Group on F5OS network setting

Advise on setting up IRULE

F5 iRule to replace host to path

Related Content

Enable telnet on SSH

Integrating SSL Orchestrator with McAfee Web Gateway-Transparent Proxy

Seeking Guidance on Enabling Telnet Access via SSH Proxy Using F5 BIG-IP LTM

F5 TCP Proxy mode

SSL PROXY