Forum Discussion

svs's avatar
svs
Icon for Cirrus rankCirrus
Mar 02, 2017

SSH Proxy Problem: Real Server Auth

Hi,

while playing around with the SSH proxy feature, I'm encountering issues with the validation of the Real Server Auth key. I've configured the profile as described in https://support.f5.com/kb/en-us/products/big-ip-afm/manuals/product/network-firewall-policies-implementations-12-1-0/13.html. Unfortunately I got an error message in /var/log/sshplugin:

err : SSHPLUGIN: sshplugin_2|SSHPlugin|ssh_setup_serverside|Core|the backend ssh server does not have a public key that matches the configuration! (0) Erroring out of this connection.

I've checked and doublechecked the host key using ssh-keyscan and copied the key string into the field "Real Server Auth". The format of the key looks exactly like the one from the manual, except that my key is a one-liner instead of the block view in the manual. The manual shows the key in block view

AAAAB3NzaC1yc2EAAAADAQABAAABAQCziS6yavPpFuRjLP9hzRiEBcVgLDynoW
qNMuwCrOREkSiDqWqFRrydFCGy6Z1WwwJuDMIw5h3sIuqtOo78zd6pBabXpj0Q
LUyLtGx80Oe3vInpwxvG2/YX9KaGjofkasZJ+tOqoOe5QscnUYr7Iw6CEuo2dB
VIZyL/o1IyTvDfL8+yXO4vPzadmL0gvV1F56feRVsCF0HUrhWwdrQ6CpIpX6ac
sY0HayrhOGPmVF4qRz7fLySHJ5XQz5IKXJRNHJEbXx2tiV1TuQlhz8gOMqMp2I
iSqyKDcUTk2Oy0fPYkNAWPlifq7GplYkit85EL5UCgtHf595rqibOQJWFAAzHF

while mine looks like

AAAAB3NzaC1yc2EAAAADAQABAAABAQCziS6yavPpFuRjLP9hzRiEBcVgLDynoWqNMuwCrOREkSiDqWqFRrydFCGy6Z1WwwJuDMIw5h3sIuqtOo78zd6pBabXpj0QLUyLtGx80Oe3vInpwxvG2/YX9KaGjofkasZJ+tOqoOe5QscnUYr7Iw6CEuo2dBVIZyL/o1IyTvDfL8+yXO4vPzadmL0gvV1F56feRVsCF0HUrhWwdrQ6CpIpX6acsY0HayrhOGPmVF4qRz7fLySHJ5XQz5IKXJRNHJEbXx2tiV1TuQlhz8gOMqMp2IiSqyKDcUTk2Oy0fPYkNAWPlifq7GplYkit85EL5UCgtHf595rqibOQJWFAAzHF

Hopefully this doesn't make a difference.

I even don't know how to turn on debug logging for sshplugin. Maybe this would help.

Any ideas?

Greets, svs