Last updated on: 2024-04-19 09:21:35.

Microsoft Azure: Authentication Considerations

Use the following information when configuring authentication and proper file transfer between Azure Cloud and the F5 BIG-IP Virtual Edition (VE):

• The root account is disabled by default
• The Administrator (admin) account/role does NOT have a default password

Important

When you use the scp or sftp commands to transfer files to/from the BIG-IP system, you MUST have the Administrator role and access set to Advanced Shell (bash) for BIG-IP versions that have the following CVE fixes:

• SCP (CVE-2020-5873)
• SFTP (CVE-2019-6617)

When provisioning an instance through the Azure portal or with the waagent:

• The names admin and root are NOT allowed. You must provide a unique admin account name.
• With waagent, you can only configure authentication using either a password OR SSH Key authentication (not both).
• If configuring SSH Key authentication, you can find the SSH public key in both the custom admin and the default admin’s account, as a convenience for those standardizing with the admin account.

Because password authentication is required for WebUI access, but not as commonly supported in other clouds, F5 recommends configuring both:

• Configure SSH Key authentication during the instance provisioning process.
• Set password authentication using additional on-boarding steps (for example using tmsh or F5 BIG-IP Declarative Onboarding).

Consult the GitHub links in the Azure Automation section for additional authentication examples.

More help with BIG-IP VE

• K11352038 support article
• Set admin password
• SSH keypair