Applies To:
All versions of TPP
F5 LTM Advanced
Summary:
The F5 user that runs command injection in a workflow must have their "Terminal Access" set to "Advanced Shell" (bash) in the F5 config.
A remote-user in F5 (AD, LDAP, etc.) cannot be assigned the "Advanced Shell" (bash) for Terminal Access. See the following F5 article for more details:
https://my.f5.com/manage/s/article/K28660000
When a remote-user signs in to the F5 over SSH, the user enters the "Traffic Management Shell" (tmsh) by default, which causes command injection to fail.
Information:
The F5 application object will stall/hang at the stage where the workflow with command injection is applied.
No logs are found in the Default SQL Channel indicating the command has failed.
The "Application Credential" on the F5 object controls which user will run the commands in a workflow.
Venafi Solution:
Use a local account in F5 to inject commands with Workflows in TPP.
Use Adaptable Workflow.
F5 Workaround:
The F5 Remote user can be mapped to a local user for commands. The exact steps may vary, but here is an example article from F5 showing how it can be done:
https://my.f5.com/manage/s/article/K89001433
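A pre-flight check for the account used as the "Application Credential", added here as an example (not Venafi or F5 code): it reads `tmsh list auth user` output and reports whether the account is a local user whose shell is bash. The function name, account names and sample output are constructed for illustration, and the check assumes that an account with no local `auth user` entry is a remote-user.

```shell
#!/bin/sh
# Constructed sample in the layout printed by `tmsh list auth user`.
SAMPLE_TMSH_OUTPUT='auth user svc-venafi {
    description "constructed sample: local account with Advanced Shell"
    partition-access {
        all-partitions {
            role admin
        }
    }
    shell bash
}
auth user svc-readonly {
    description "constructed sample: local account left on tmsh"
    partition-access {
        all-partitions {
            role operator
        }
    }
    shell tmsh
}'

# classify_f5_account NAME  (hypothetical helper; stdin = `tmsh list auth user` output)
# Prints and returns:
#   ok                  (0)  local account, Terminal Access = Advanced Shell (bash)
#   wrong-shell:<shell> (1)  local account, but SSH lands in tmsh or has no shell
#   not-local           (2)  no local account by that name (assumed remote-user)
classify_f5_account() {
    awk -v want="$1" '
        # Start of a user stanza: remember whose settings follow.
        $1 == "auth" && $2 == "user" { current = $3; if (current == want) found = 1 }
        # The shell line inside the wanted stanza.
        current == want && $1 == "shell" { shell = $2 }
        END {
            if (!found)          { print "not-local"; exit 2 }
            if (shell == "bash") { print "ok"; exit 0 }
            print "wrong-shell:" (shell == "" ? "none" : shell)
            exit 1
        }'
}

# Demo over the constructed sample; ad-jdoe stands in for an AD/LDAP user.
# On a BIG-IP, from bash: tmsh list auth user | classify_f5_account <account>
for account in svc-venafi svc-readonly ad-jdoe; do
    status=$(printf '%s\n' "$SAMPLE_TMSH_OUTPUT" | classify_f5_account "$account") || true
    printf '%s: %s\n' "$account" "$status"
done
```

Only an `ok` result matches the requirement in the Summary; either of the other two results matches the conditions under which the application object stalls at the workflow stage.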