sys sshd
sys sshd(1) BIG-IP TMSH Manual sys sshd(1)
NAME
sshd - Configures the Secure Shell (SSH) daemon for the BIG-IP(r)
system.
MODULE
sys
SYNTAX
Configure the sshd component within the sys module using the syntax in
the following sections.
MODIFY
modify sshd
options:
allow [add | delete | replace-all-with] {
[ [hostname] | [IP address] ] ...
}
allow none
banner [disabled | enabled]
banner-text [string]
inactivity-timeout [integer]
include [string]
login [disabled | enabled]
log-level [debug | debug1 | debug2 | debug3 | error | fatal |
info | quiet | verbose]
port [integer]
edit sshd
options:
all-properties
non-default-properties
DISPLAY
list sshd
list sshd [option]
show running-config sshd
show running-config sshd [option]
options:
all-properties
non-default-properties
one-line
DESCRIPTION
You can use the sshd component to configure a secure channel between
the BIG-IP system and other devices.
F5 Networks recommends that users of the Configuration utility exit the
utility before changes are made to the system using the sshd component.
This is because making changes to the system using this component
causes a restart of the sshd daemon. Likewise, restarting the sshd
daemon creates the necessity for a restart of the Configuration
utility.
EXAMPLES
modify sshd allow add {192.168.0.0/255.255.0.0}
Creates an initial range of IP addresses (192.168.0.0 with a netmask of
255.255.0.0) that are allowed to log in to the system.
modify sshd allow add {192.168.1.245}
Adds the IP address, 192.168.1.245, to the existing list of IP
addresses that are allowed to log in to the system.
modify sshd login enabled
Enables SSH login to the system.
modify sshd inactivity-timeout 3600
Sets an inactivity timeout of 60 minutes for SSH logins to the system.
modify sshd log-level error
Sets the sshd message log level to ERROR.
modify sshd banner enabled banner-text "NOTICE: Improper use of this
computer may result in prosecution!"
Creates a banner that displays when a user attempts to log in to a
system using SSH.
Note that you must enclose the banner text in double quotation marks,
and then type single quotation marks outside the double quotation
marks. You can also use the backslash character to escape each
quotation mark as well as any other special characters that the system
might process (for example, exclamation point !).
OPTIONS
allow
Configures servers in the /etc/hosts.allow file. The default value
is all.
Warning: Using the value none resets the sshd daemon to allow all
servers access to the system. F5 Networks recommends that you do
not use the value none with the sshd component.
banner
Enables or disables the display of the banner text field when a
user logs in to the system using SSH. The default value is
disabled.
banner-text
When the banner option is enabled, specifies the text to include
in the banner that displays when a user attempts to log on to the
system.
inactivity-timeout
Specifies the number of seconds before inactivity causes an SSH
session to log out. The default value is 0 (zero) seconds, which
indicates that inactivity timeout is disabled.
include
Warning: Do not use this option without assistance from the F5
Technical Support team. The system does not validate the commands
issued using the include option. If you use this option
incorrectly, you put the functionality of the system at risk.
login
Enables or disables SSH logins to the system. The default value is
enabled.
log-level
Specifies the minimum sshd message level to include in the system
log. The possible values are:
debug - debug3
Indicates that the minimum sshd message level that the system
logs is the specified debugging level of messages.
error
Indicates that the minimum sshd message level that the system
logs is error.
fatal
Indicates that the minimum sshd message level that the system
logs is fatal.
fips-cipher-version
Indicates if the ciphers have been set to FIPS 140-2 approved
ones when the BIG-IP boots up in FIPS 140-2 mode. This is
read-only for the user. The default value is 0.
info Indicates that the minimum sshd message level that the system
logs is informational.
quiet
Indicates that the system does not log sshd messages.
verbose
Indicates that the system logs all sshd messages.
port Specifies the TCP port to run SSHD. It is a number in the
range of 1 and 65535.
The default value is 22.
SEE ALSO
edit, list, modify, show, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or
by any means, electronic or mechanical, including photocopying,
recording, or information storage and retrieval systems, for any
purpose other than the purchaser's personal use, without the express
written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2009-2010, 2012-2013, 2016. All
rights reserved.
BIG-IP 2016-03-14 sys sshd(1)