Info: F5 remote-users cannot inject commands with Workflows

Applies To:

All versions of TPP

F5 LTM Advanced



The F5 user that runs command injection in a workflow must have their "Terminal Access" set to "Advanced Shell" (bash) in the F5 config.



A remote-user in F5 (AD, LDAP, etc.) cannot be assigned the "Advanced Shell" (bash) for Terminal Access. See the following F5 article for more details

When a remote-user signs in to the F5 over SSH, the user enters the "Traffic Management Shell" (tmsh) by default rather than bash, which causes command injection to fail.



The F5 application object will stall/hang at the stage where the workflow with command injection is applied.

No logs are found in the Default SQL Channel indicating the command has failed.

The "Application Credential" on the F5 object controls which user will run the commands in a workflow.



Venafi Solution:

Use a local account in F5 to inject commands with Workflows in TPP.
Use Adaptable Workflow


F5 Workaround:

The F5 Remote user can be mapped to a local user for commands. The exact steps may vary, but here is an example article from F5 showing how it can be done:


