Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP Install/Upgrade, TMOS
Known Affected Versions:
11.2.1, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2, 12.1.0, 12.1.1, 12.1.2, 13.0.0
Fixed In:
13.1.0, 13.0.0 HF1, 12.1.3
Opened: Jul 19, 2016
Severity: 3-Major
Related Article:
K57654614
Installing a new version changes the ownership of administrative users' files to a different, nonzero UID.
Low in most cases, since the administrative user can still access most files. One exception is that SSH requires that the authorized_keys file be owned by the user ID in question. This is 0 when a user has an administrative role, so the authorized_keys file will be ignored and a password will still be required for login.
The user is an administrative user with advanced shell (bash) access and custom files in their home directory.
Run the following command, substituting a different filename as needed: chown 0 /home/theuser/.ssh/authorized_keys.
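To find which accounts need the workaround after an upgrade, the following added example (not F5's code) lists each authorized_keys file whose owner UID differs from the account's UID. It assumes accounts are listed in a passwd-format file with their home directories; the function name and its arguments are hypothetical.

```shell
#!/bin/sh
# Added example: report authorized_keys files whose owner UID does not match
# the account's UID in a passwd-format file. For an administrative user that
# UID is 0, so a file left with a nonzero owner after an install is reported.
#
# Usage (assumed layout): find_misowned_keys /etc/passwd
# The optional second argument is a path prefix, used to scan a mounted or
# copied filesystem tree instead of the live root.
#
# Output, one line per mismatch: user expected_uid actual_uid path
# Each reported path can then be corrected with chown, as in the workaround.
find_misowned_keys() {
    passwd_file=$1
    prefix=${2:-}
    while IFS=: read -r user _pw uid _gid _gecos home _shell; do
        # Skip blank lines, comments, and entries without a numeric UID.
        case $user in ''|\#*) continue ;; esac
        case $uid in ''|*[!0-9]*) continue ;; esac
        [ -n "$home" ] || continue

        keyfile="$prefix$home/.ssh/authorized_keys"
        [ -f "$keyfile" ] || continue

        # ls -n prints numeric owner IDs; -L follows a symlinked key file.
        owner=$(ls -lnL -- "$keyfile" | awk '{print $3}')
        if [ "$owner" != "$uid" ]; then
            printf '%s %s %s %s\n' "$user" "$uid" "$owner" "$keyfile"
        fi
    done < "$passwd_file"
}
```
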
Installing a new version changes the ownership of administrative users' files to a different, nonzero UID. This still happens by design, but no longer applies to the user's SSH configuration files, which stay at UID 0. Therefore, these users are no longer prevented from using stored public keys in authorized_keys.