Last Modified: Jul 12, 2023
Affected Product(s):
BIG-IQ Platform
Known Affected Versions:
5.1.0, 5.2.0, 5.3.0
Opened: Aug 29, 2017 Severity: 2-Critical
BIG-IQ systems configured in a high availability (HA) pair prompt you to accept a previously-accepted signature when you log in to a BIG-IP device through the command line.
When you log in to a BIG-IP device through the command line using ssh-keygen -R causes the original symlink to be renamed to known_hosts.old and a new file known_hosts file copied and created from the old. This breaks the link to the /shared partition, so upon upgrade, those entries are lost.
BIG-IQ is used to ssh into other devices from the BIG-IQ root command line.
For BIG-IQ version 5.2 and 5.3: 1. Disassociate the BIG-IQ systems in the high availability (HA) pair. 2. Recover signatures by copying /shared/ssh/root/known_hosts to /root/.ssh/known_hosts. 3. Re-establish the high availability (HA) pair. To avoid this issue when you upgrade to BIG-IQ version 5.4, preserve the accepted host signatures by copying /root/.ssh/known_hosts to /shared/ssh/root/known_hosts.
None