Last Modified: Jul 25, 2024
Affected Product(s):
BIG-IP TMOS
Known Affected Versions:
11.2.1, 11.5.1, 11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 13.0.0
Fixed In:
13.1.0, 13.0.0 HF1, 12.1.3
Opened: Nov 03, 2016 Severity: 2-Critical
If a user has a pre-shared key in order to log on to the BIG-IP without entering their password, after an upgrade this file will have the wrong owner. Therefore, ssh will ignore it and the user will be required to enter their password at login.
User must use their password to log in, which may break automation relying on accessing the device by ssh. If the user does not have a password, then you cannot log in as that user.
ssh's authorized_keys mechanism is being used. The user must have an administrative role.
If you have an administrative account by which you can log in with a password, log on and run these bash commands: chown 0 /home/USERNAME/.ssh chown 0 /home/USERNAME/.ssh/authorized_keys If you have key-only log in, then there is no workaround. Set a password on an administrative user before starting the installation.
None