Bug ID 568596: Utility ssh-copy-id will be blocked if the ssh policy for that specific user is set to Disallow/Terminate for rexec

Last Modified: Feb 26, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP AFM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1

Opened: Jan 19, 2016
Severity: 4-Minor

Symptoms

ssh-copy-id is a commonly used utility on linux used to copy the public key to an ssh server. It internally uses rexec. If the ssh profile attached to the virtual disallows or terminates rexec for that user, ssh-copy-id will no longer work.

Impact

public key authentication can not be set up using ssh-copy-id.

Conditions

rexec set to disallow/terminate for a user and the user launches the ssh-copy-id utility from his/her client.

Workaround

If scp or sftp is allowed, the user can copy his/her public key to the authorized_keys file on the backend server.

Fix Information

None

Behavior Change