Bug ID 604597: SSH Proxy does not correctly parse public keys containing comments

Last Modified: Apr 11, 2023

Affected Product(s):
BIG-IP AFM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6

Fixed In:
13.0.0

Opened: Jul 13, 2016

Severity: 3-Major

Symptoms

The BIG-IP will RST the server side and client side connections upon connection initialization. If you have logging set up, log messages will inform you that the keys were mismatched.

Impact

SSH proxy fails.

Conditions

Configuring the SSH Proxy feature's Real Server Auth public key field, using a public key that contains a comment, such as a trailing "root@myserver.local".

Workaround

Strip any comments from the Real Server Auth public key, such as "root@host.example.com".

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips