Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP AFM
Known Affected Versions:
12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6
Fixed In:
13.0.0
Opened: Feb 05, 2016 Severity: 3-Major
Using ecdsa keys for user public key auth will result in a connection hang. Using ecdsa keys on the backend server will result in the client receiving a TCP Reset.
No ssh connection can be established through the ssh proxy
Either of two conditions need to be satisfied: 1) Client has ecdsa keys, e.g ~/.ssh contains id_ecdsa.pub and id_ecdsa keys. 2) Backend server is using ecdsa. e.g. the sshd config contains the following where rsa and dsa are disabled and ecdsa is enabled: # HostKeys for protocol version 2 #HostKey /etc/ssh/ssh_host_rsa_key #HostKey /etc/ssh/ssh_host_dsa_key HostKey /etc/ssh/ssh_host_ecdsa_key
Please use RSA and DSA keys only for both User Public Key Auth and Server Key Exchange
None