sys sshd

sys sshd(1)						BIG-IP TMSH Manual					       sys sshd(1)

NAME
       sshd - Configures the Secure Shell (SSH) daemon for the BIG-IP(r) system.

MODULE
       sys

SYNTAX
       Configure the sshd component within the sys module using the syntax in the following sections.

   MODIFY
	modify sshd
	  options:
	    allow [add | delete | replace-all-with] {
	      [ [hostname] | [IP address] ] ...
	    }
	    allow none
	    banner [disabled | enabled]
	    banner-text [string]
	    inactivity-timeout [integer]
	    include [string]
	    login [disabled | enabled]
	    log-level [debug | debug1 | debug2 | debug3 | error | fatal |
		       info | quiet | verbose]
	    port [integer]

	edit sshd
	  options:
	    all-properties
	    non-default-properties

   DISPLAY
	list sshd
	list sshd [option]
	show running-config sshd
	show running-config sshd [option]
	  options:
	    all-properties
	    non-default-properties
	    one-line

DESCRIPTION
       You can use the sshd component to configure a secure channel between the BIG-IP system and other devices.

       F5 Networks recommends that users of the Configuration utility exit the utility before changes are made to the system using
       the sshd component. This is because making changes to the system using this component causes a restart of the sshd daemon.
       Likewise, restarting the sshd daemon creates the necessity for a restart of the Configuration utility.

EXAMPLES
       modify sshd allow add {192.168.0.0/255.255.0.0}

       Creates an initial range of IP addresses (192.168.0.0 with a netmask of 255.255.0.0) that are allowed to log in to the
       system.

       modify sshd allow add {192.168.1.245}

       Adds the IP address, 192.168.1.245, to the existing list of IP addresses that are allowed to log in to the system.

       modify sshd login enabled

       Enables SSH login to the system.

       modify sshd inactivity-timeout 3600

       Sets an inactivity timeout of 60 minutes for SSH logins to the system.

       modify sshd log-level error

       Sets the sshd message log level to ERROR.

       modify sshd banner enabled banner-text "NOTICE: Improper use of this computer may result in prosecution!"

       Creates a banner that displays when a user attempts to log in to a system using SSH.

       Note that you must enclose the banner text in double quotation marks, and then type single quotation marks outside the
       double quotation marks. You can also use the backslash character to escape each quotation mark as well as any other special
       characters that the system might process (for example, exclamation point !).

OPTIONS
       allow
	    Configures servers in the /etc/hosts.allow file. The default value is all.

	    Warning: Using the value none resets the sshd daemon to allow all servers access to the system. F5 Networks recommends
	    that you do not use the value none with the sshd component.

       banner
	    Enables or disables the display of the banner text field when a user logs in to the system using SSH. The default
	    value is disabled.

       banner-text
	    When the banner option is enabled, specifies the text to include in the banner that displays when a user attempts to
	    log on to the system.

       fips-cipher-version
	    Read-only field for internal use. Non-zero value indicates that the list of ciphers has been set to FIPS 140-2
	    compliant defaults. The value 1 indicates that the list of ciphers is "aes128-cbc,aes256-cbc".  User changes to the
	    list of ciphers will not affect the value of this field. This field is relevant only when FIPS 140-2 compliance is
	    enabled in the license.

       inactivity-timeout
	    Specifies the number of seconds before inactivity causes an SSH session to log out. The default value is 0 (zero)
	    seconds, which indicates that inactivity timeout is disabled.

       include
	    Warning: Do not use this option without assistance from the F5 Technical Support team. The system does not validate
	    the commands issued using the include option. If you use this option incorrectly, you put the functionality of the
	    system at risk.

       login
	    Enables or disables SSH logins to the system. The default value is enabled.

       log-level
	    Specifies the minimum sshd message level to include in the system log. The possible values are:

	    debug - debug3
		 Indicates that the minimum sshd message level that the system logs is the specified debugging level of messages.

	    error
		 Indicates that the minimum sshd message level that the system logs is error.

	    fatal
		 Indicates that the minimum sshd message level that the system logs is fatal.

	    info Indicates that the minimum sshd message level that the system logs is informational.

	    quiet
		 Indicates that the system does not log sshd messages.

	    verbose
		 Indicates that the system logs all sshd messages.

	    port Specifies the TCP port to run SSHD. It is a number in the range of 1 and 65535.

		 The default value is 22.

SEE ALSO
       edit, list, modify, show, tmsh

COPYRIGHT
       No part of this program may be reproduced or transmitted in any form or by any means, electronic or mechanical, including
       photocopying, recording, or information storage and retrieval systems, for any purpose other than the purchaser's personal
       use, without the express written permission of F5 Networks, Inc.

       F5 Networks and BIG-IP (c) Copyright 2009-2010, 2012-2013, 2016. All rights reserved.

BIG-IP							    2017-09-07						       sys sshd(1)