Bug ID 626829: Pre-shared key is ignored after upgrade

Last Modified: Jan 01, 2023

Bug Tracker

Affected Product:  See more info
BIG-IP TMOS(all modules)

Known Affected Versions:
11.2.1, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 13.0.0

Fixed In:
13.1.0, 13.0.0 HF1, 12.1.3

Opened: Nov 03, 2016
Severity: 2-Critical

Symptoms

If a user has a pre-shared key in order to log on to the BIG-IP without entering their password, after an upgrade this file will have the wrong owner. Therefore, ssh will ignore it and the user will be required to enter their password at login.

Impact

User must use their password to log in, which may break automation relying on accessing the device by ssh. If the user does not have a password, then you cannot log in as that user.

Conditions

ssh's authorized_keys mechanism is being used. The user must have an administrative role.

Workaround

If you have an administrative account by which you can log in with a password, log on and run these bash commands: chown 0 /home/USERNAME/.ssh chown 0 /home/USERNAME/.ssh/authorized_keys If you have key-only log in, then there is no workaround. Set a password on an administrative user before starting the installation.

Fix Information

None

Behavior Change