sys sshd

sys sshd(1)						BIG-IP TMSH Manual					       sys sshd(1)

       sshd - Configures the Secure Shell (SSH) daemon for the BIG-IP(r) system.


       Configure the sshd component within the sys module using the syntax in the following sections.

	modify sshd
	    allow [add | delete | replace-all-with] {
	      [ [hostname] | [IP address] ] ...
	    }
	    allow none
	    banner [disabled | enabled]
	    banner-text [string]
	    inactivity-timeout [integer]
	    include [string]
	    login [disabled | enabled]
	    log-level [debug | debug1 | debug2 | debug3 | error | fatal |
		       info | quiet | verbose]
	    port [integer]

	edit sshd

	list sshd
	list sshd [option]
	show running-config sshd
	show running-config sshd [option]

       You can use the sshd component to configure a secure channel between the BIG-IP system and other devices.

       F5 Networks recommends that users of the Configuration utility exit the utility before changes are made to the system using
       the sshd component, because making changes to the system using this component restarts the sshd daemon. Likewise,
       restarting the sshd daemon requires a restart of the Configuration utility.

       modify sshd allow add {}

       Creates an initial range of IP addresses ( with a netmask of that are allowed to log in to the

       modify sshd allow add {}

       Adds the IP address,, to the existing list of IP addresses that are allowed to log in to the system.

       modify sshd login enabled

       Enables SSH login to the system.

       modify sshd inactivity-timeout 3600

       Sets an inactivity timeout of 60 minutes for SSH logins to the system.

       modify sshd log-level error

       Sets the sshd message log level to ERROR.

       modify sshd banner enabled banner-text "NOTICE: Improper use of this computer may result in prosecution!"

       Creates a banner that displays when a user attempts to log in to a system using SSH.

       Note that you must enclose the banner text in double quotation marks, and then type single quotation marks outside the
       double quotation marks. You can also use the backslash character to escape each quotation mark as well as any other special
       characters that the system might process (for example, exclamation point !).

       allow
	    Configures servers in the /etc/hosts.allow file. The default value is all.

	    Warning: Using the value none resets the sshd daemon to allow all servers access to the system. F5 Networks recommends
	    that you do not use the value none with the sshd component.

       banner
	    Enables or disables the display of the banner text field when a user logs in to the system using SSH. The default
	    value is disabled.

       banner-text
	    When the banner option is enabled, specifies the text to include in the banner that displays when a user attempts to
	    log on to the system.

       fips-cipher-version
	    Read-only field for internal use. Non-zero value indicates that the list of ciphers has been set to FIPS 140-2
	    compliant defaults. The value 1 indicates that the list of ciphers is "aes128-cbc,aes256-cbc".  User changes to the
	    list of ciphers will not affect the value of this field. This field is relevant only when FIPS 140-2 compliance is
	    enabled in the license.

       inactivity-timeout
	    Specifies the number of seconds before inactivity causes an SSH session to log out. The default value is 0 (zero)
	    seconds, which indicates that inactivity timeout is disabled.

       include
	    Warning: Do not use this option without assistance from the F5 Technical Support team. The system does not validate
	    the commands issued using the include option. If you use this option incorrectly, you put the functionality of the
	    system at risk.

       login
	    Enables or disables SSH logins to the system. The default value is enabled.

       log-level
	    Specifies the minimum sshd message level to include in the system log. The possible values are:

	    debug - debug3
		 Indicates that the minimum sshd message level that the system logs is the specified debugging level of messages.

	    error
		 Indicates that the minimum sshd message level that the system logs is error.

	    fatal
		 Indicates that the minimum sshd message level that the system logs is fatal.

	    info Indicates that the minimum sshd message level that the system logs is informational.

	    quiet
		 Indicates that the system does not log sshd messages.

	    verbose
		 Indicates that the system logs all sshd messages.

       port
	    Specifies the TCP port on which sshd listens. The value is a number in the range 1 to 65535.

	    The default value is 22.
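
       The defaults described above (allow all, banner disabled, inactivity-timeout 0) and the quiet log level can be checked
       mechanically. The following Python script is an added example, not part of the F5 manual: it audits a constructed sample
       of list sshd output and reports settings that leave SSH access unrestricted, idle sessions open, or sshd unlogged. The
       brace layout of the sample and the names parse_sshd and audit are assumptions made for this example.

```python
# Constructed sample of `list sshd` output. The brace layout is an assumption
# for this example, and the addresses are documentation-range placeholders.
SAMPLE = """\
sys sshd {
    allow { 192.0.2.10 198.51.100.7 }
    banner enabled
    banner-text "NOTICE: Improper use of this computer may result in prosecution!"
    inactivity-timeout 0
    log-level quiet
    login enabled
    port 22
}
"""

def parse_sshd(text):
    """Return {option: value}; 'allow' becomes a list (assumes one option per line)."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line == "}" or line.startswith("sys sshd"):
            continue
        key, _, value = line.partition(" ")
        value = value.strip()
        if key == "allow":
            cfg[key] = value.strip("{} ").split()
        else:
            cfg[key] = value.strip('"')
    return cfg

def audit(cfg):
    """Compare parsed options against the behaviour documented in the manual page."""
    findings = []
    allow = cfg.get("allow", ["all"])  # manual: the default value is all
    if not allow or any(a.lower() in ("all", "none") for a in allow):
        findings.append("allow: no source restriction (all, or none which resets to all)")
    if int(cfg.get("inactivity-timeout", 0)) == 0:
        findings.append("inactivity-timeout: 0 disables the idle logout")
    if cfg.get("banner", "disabled") != "enabled":
        findings.append("banner: login banner is disabled")
    if cfg.get("log-level") == "quiet":
        findings.append("log-level: quiet means sshd messages are not logged")
    if cfg.get("include"):
        findings.append("include: directives present that the system does not validate")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_sshd(SAMPLE)):
        print(finding)
```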

       edit, list, modify, show, tmsh

       No part of this program may be reproduced or transmitted in any form or by any means, electronic or mechanical, including
       photocopying, recording, or information storage and retrieval systems, for any purpose other than the purchaser's personal
       use, without the express written permission of F5 Networks, Inc.

       F5 Networks and BIG-IP (c) Copyright 2009-2010, 2012-2013, 2016. All rights reserved.

BIG-IP							    2017-09-07						       sys sshd(1)