sys sshd
sys sshd(1) BIG-IP TMSH Manual sys sshd(1)
NAME
sshd - Configures the Secure Shell (SSH) daemon for the BIG-IP(r) system.
MODULE
sys
SYNTAX
Configure the sshd component within the sys module using the syntax in the following sections.
MODIFY
modify sshd
options:
allow [add | delete | replace-all-with] {
[ [hostname] | [IP address] ] ...
}
allow none
banner [disabled | enabled]
banner-text [string]
inactivity-timeout [integer]
include [string]
login [disabled | enabled]
log-level [debug | debug1 | debug2 | debug3 | error | fatal |
info | quiet | verbose]
port [integer]
edit sshd
options:
all-properties
non-default-properties
DISPLAY
list sshd
list sshd [option]
show running-config sshd
show running-config sshd [option]
options:
all-properties
non-default-properties
one-line
DESCRIPTION
You can use the sshd component to configure a secure channel between the BIG-IP system and other devices.
F5 Networks recommends that users of the Configuration utility exit the utility before changes are made to the system using
the sshd component. This is because making changes to the system using this component causes a restart of the sshd daemon.
Likewise, restarting the sshd daemon creates the necessity for a restart of the Configuration utility.
EXAMPLES
modify sshd allow add {192.168.0.0/255.255.0.0}
Creates an initial range of IP addresses (192.168.0.0 with a netmask of 255.255.0.0) that are allowed to log in to the
system.
modify sshd allow add {192.168.1.245}
Adds the IP address, 192.168.1.245, to the existing list of IP addresses that are allowed to log in to the system.
modify sshd login enabled
Enables SSH login to the system.
modify sshd inactivity-timeout 3600
Sets an inactivity timeout of 60 minutes for SSH logins to the system.
modify sshd log-level error
Sets the sshd message log level to ERROR.
modify sshd banner enabled banner-text "NOTICE: Improper use of this computer may result in prosecution!"
Creates a banner that displays when a user attempts to log in to a system using SSH.
Note that you must enclose the banner text in double quotation marks, and then type single quotation marks outside the
double quotation marks. You can also use the backslash character to escape each quotation mark as well as any other special
characters that the system might process (for example, exclamation point !).
OPTIONS
allow
Configures servers in the /etc/hosts.allow file. The default value is all.
Warning: Using the value none resets the sshd daemon to allow all servers access to the system. F5 Networks recommends
that you do not use the value none with the sshd component.
banner
Enables or disables the display of the banner text field when a user logs in to the system using SSH. The default
value is disabled.
banner-text
When the banner option is enabled, specifies the text to include in the banner that displays when a user attempts to
log on to the system.
fips-cipher-version
Read-only field for internal use. Non-zero value indicates that the list of ciphers has been set to FIPS 140-2
compliant defaults. The value 1 indicates that the list of ciphers is "aes128-cbc,aes256-cbc". User changes to the
list of ciphers will not affect the value of this field. This field is relevant only when FIPS 140-2 compliance is
enabled in the license.
inactivity-timeout
Specifies the number of seconds before inactivity causes an SSH session to log out. The default value is 0 (zero)
seconds, which indicates that inactivity timeout is disabled.
include
Warning: Do not use this option without assistance from the F5 Technical Support team. The system does not validate
the commands issued using the include option. If you use this option incorrectly, you put the functionality of the
system at risk.
login
Enables or disables SSH logins to the system. The default value is enabled.
log-level
Specifies the minimum sshd message level to include in the system log. The possible values are:
debug - debug3
Indicates that the minimum sshd message level that the system logs is the specified debugging level of messages.
error
Indicates that the minimum sshd message level that the system logs is error.
fatal
Indicates that the minimum sshd message level that the system logs is fatal.
info Indicates that the minimum sshd message level that the system logs is informational.
quiet
Indicates that the system does not log sshd messages.
verbose
Indicates that the system logs all sshd messages.
port Specifies the TCP port to run SSHD. It is a number in the range of 1 and 65535.
The default value is 22.
SEE ALSO
edit, list, modify, show, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or mechanical, including
photocopying, recording, or information storage and retrieval systems, for any purpose other than the purchaser's personal
use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2009-2010, 2012-2013, 2016. All rights reserved.
BIG-IP 2017-09-07 sys sshd(1)