Last Modified: Jun 28, 2025
Affected Product(s):
BIG-IP TMOS
Known Affected Versions:
17.5.0, 17.5.1
Opened: Jun 18, 2025 Severity: 3-Major
Attempt SCP file to BIG-IP: root@bigipiq-ubuntu-server:/etc/tacacs+# scp tac_plus.conf admin1@10.155.86.212:/shared/ene Password: cat: /config/ssh/scp.whitelist /config/ssh/scp.whitelist-platform: No such file or directory "/shared/ene/tac_plus.conf": path not allowed root@bigipiq-ubuntu-server:/etc/tacacs+#
The SCP command is not working for remote users.
-- Running BIG-IP version with 17.5.0 -- Set up remote auth such like tacacs -- Create /config/ssh/scp.whitelist-platform, file permission need to allow read 644 -- scp a file to the BIG-IP device
Workaround can be done by editing /usr/bin/scp-checkfp script, this means that if you upgrades to unresolved version, you must edit the script again to reinstate the workaround. Do not attempt to perform this workaround if the system is licensed for Platform FIPS. 1) remount /usr/ as read,write mount -o rw,remount /usr 2) Make backup of /usr/bin/scp-checkfp cp /usr/bin./scp-checkfp /usr/bin/scp-checkfp.org 3) Open /usr/bin/scp-checkfp script vi /usr/bin/scp-checkfp 3a) Adding space after IFS at line 60 following IFS=$'\n ' 3b) Save the change and quit vi. 4) remount /usr/ as read only mount -o ro,remount /usr
None