Bug ID 1269593: SSH client fails to connect using host key type ssh-rsa

Last Modified: Dec 05, 2024

Affected Product(s):
BIG-IP TMOS(all modules)

Known Affected Versions:
17.1.1, 17.1.0.2, 17.1.0.1, 16.1.4.1, 16.1.4

Fixed In:
17.1.2, 16.1.5

Opened: Mar 10, 2023

Severity: 2-Critical

Related Article: K000137127

Symptoms

When trying to connect to BIG-IP via SSH, the connection fails with an error: Unable to negotiate with <IP> port 22: no matching host key type found. Their offer: rsa-sha2-512,rsa-sha2-256,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519 This issue is observed only in non FIPS mode.

Impact

The ssh-rsa as a host key algorithm fails to connect to BIG-IP in non FIPS mode.

Conditions

-- SSH connection -- The algorithm is set to ssh-rsa -- The BIG-IP system is not operating in FIPS mode

Workaround

None

Fix Information

Enabling ssh-rsa as host-key algorithm, in Non-FIPS mode for ssh connections.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips