The BIG-IP and BIG-IQ host OpenSSH servers use keys shorter than 2048 bits, which are no longer considered secure. (CVE-2020-5917)
Impact
The BIG-IP system may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications. Some security scanners, such as the Qualys Scanner, recognize that the OpenSSH server uses 1024-bit Digital Signature Algorithm (DSA) keys and report it as vulnerable (QID 38733).
For adequate security, current best practices require 2048-bit and longer RSA keys. For more information, refer to NIST Special Publication 800-131A Revision 2: Transitioning the Use of Cryptographic Algorithms and Key Lengths.
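To confirm which host keys fall below that threshold, the following added example (not F5's code) decodes an OpenSSH public key line, such as the contents of a host key `.pub` file, and reports its algorithm and bit length. The function names and sample keys are constructed for illustration, and treating every DSA key as unacceptable is an assumption based on the guidance above naming RSA only.

```python
import base64

MIN_RSA_BITS = 2048  # RSA length the advisory cites as current best practice


def _read_field(blob, offset):
    """Read one length-prefixed field (RFC 4253 string/mpint)."""
    end = offset + 4 + int.from_bytes(blob[offset:offset + 4], "big")
    if offset + 4 > len(blob) or end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end


def host_key_strength(pubkey_line):
    """Return (algorithm, bits, acceptable) for one OpenSSH public key line."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    algo_raw, pos = _read_field(blob, 0)
    algo = algo_raw.decode("ascii")
    if algo != fields[0]:
        raise ValueError("key type label does not match key blob")
    if algo == "ssh-rsa":
        _, pos = _read_field(blob, pos)   # public exponent e
        n, _ = _read_field(blob, pos)     # modulus n sets the RSA key size
        bits = int.from_bytes(n, "big").bit_length()
        return algo, bits, bits >= MIN_RSA_BITS
    if algo == "ssh-dss":
        p, _ = _read_field(blob, pos)     # prime p sets the DSA key size
        # Assumption: DSA is always flagged; the guidance above names RSA only.
        return algo, int.from_bytes(p, "big").bit_length(), False
    return algo, None, None  # other key types are not sized by this check


def _field(raw):
    return len(raw).to_bytes(4, "big") + raw


def _sample_line(algo, *ints):
    mpints = [i.to_bytes(i.bit_length() // 8 + 1, "big") for i in ints]
    blob = _field(algo.encode()) + b"".join(_field(m) for m in mpints)
    return f"{algo} {base64.b64encode(blob).decode()} constructed-sample"


# Constructed samples: integers of the right size, not usable keys.
SAMPLE_DSA_1024 = _sample_line("ssh-dss", (1 << 1023) | 1, (1 << 159) | 1, 2, 3)
SAMPLE_RSA_1024 = _sample_line("ssh-rsa", 65537, (1 << 1023) | 1)
SAMPLE_RSA_2048 = _sample_line("ssh-rsa", 65537, (1 << 2047) | 1)
```

The size is read from the key material itself (RSA modulus or DSA prime), so a mislabelled or truncated key raises an error instead of passing the check.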