sys sshd

sys sshd(1)		      BIG-IP TMSH Manual		   sys sshd(1)



NAME
       sshd - Configures the Secure Shell (SSH) daemon for the BIG-IP(r)
       system.

MODULE
       sys

SYNTAX
       Configure the sshd component within the sys module using the syntax in
       the following sections.

   MODIFY
	modify sshd
	  options:
	    allow [add | delete | replace-all-with] {
	      [ [hostname] | [IP address] ] ...
	    }
	    allow none
	    banner [disabled | enabled]
	    banner-text [string]
	    inactivity-timeout [integer]
	    include [string]
	    login [disabled | enabled]
	    log-level [debug | debug1 | debug2 | debug3 | error | fatal |
		       info | quiet | verbose]
	    port [integer]

	edit sshd
	  options:
	    all-properties
	    non-default-properties

   DISPLAY
	list sshd
	list sshd [option]
	show running-config sshd
	show running-config sshd [option]
	  options:
	    all-properties
	    non-default-properties
	    one-line

DESCRIPTION
       You can use the sshd component to configure a secure channel between
       the BIG-IP system and other devices.

       F5 Networks recommends that users of the Configuration utility exit the
       utility before changes are made to the system using the sshd component.
       Making changes with this component restarts the sshd daemon, and a
       restart of the sshd daemon in turn requires a restart of the
       Configuration utility.

EXAMPLES
       modify sshd allow add {192.168.0.0/255.255.0.0}

       Creates an initial range of IP addresses (192.168.0.0 with a netmask of
       255.255.0.0) that are allowed to log in to the system.

       modify sshd allow add {192.168.1.245}

       Adds the IP address, 192.168.1.245, to the existing list of IP
       addresses that are allowed to log in to the system.

       modify sshd login enabled

       Enables SSH login to the system.

       modify sshd inactivity-timeout 3600

       Sets an inactivity timeout of 60 minutes for SSH logins to the system.

       modify sshd log-level error

       Sets the sshd message log level to ERROR.

       modify sshd banner enabled banner-text "NOTICE: Improper use of this
       computer may result in prosecution!"

       Creates a banner that displays when a user attempts to log in to a
       system using SSH.

       Note that you must enclose the banner text in double quotation marks,
       and then type single quotation marks outside the double quotation
       marks. You can also use the backslash character to escape each
       quotation mark as well as any other special characters that the system
       might process (for example, exclamation point !).

OPTIONS
       allow
	    Configures servers in the /etc/hosts.allow file. The default value
	    is all.

	    Warning: Using the value none resets the sshd daemon to allow all
	    servers access to the system. F5 Networks recommends that you do
	    not use the value none with the sshd component.

       banner
	    Enables or disables the display of the banner text field when a
	    user logs in to the system using SSH. The default value is
	    disabled.

       banner-text
	    When the banner option is enabled, specifies the text to include
	    in the banner that displays when a user attempts to log on to the
	    system.

       inactivity-timeout
	    Specifies the number of seconds before inactivity causes an SSH
	    session to log out. The default value is 0 (zero) seconds, which
	    indicates that inactivity timeout is disabled.

       include
	    Warning: Do not use this option without assistance from the F5
	    Technical Support team. The system does not validate the commands
	    issued using the include option. If you use this option
	    incorrectly, you put the functionality of the system at risk.

       login
	    Enables or disables SSH logins to the system. The default value is
	    enabled.

       log-level
	    Specifies the minimum sshd message level to include in the system
	    log. The possible values are:

	    debug - debug3
		 Indicates that the minimum sshd message level that the system
		 logs is the specified debugging level of messages.

	    error
		 Indicates that the minimum sshd message level that the system
		 logs is error.

	    fatal
		 Indicates that the minimum sshd message level that the system
		 logs is fatal.

	    info Indicates that the minimum sshd message level that the system
		 logs is informational.

	    quiet
		 Indicates that the system does not log sshd messages.

	    verbose
		 Indicates that the system logs all sshd messages.

       fips-cipher-version
	    Indicates if the ciphers have been set to FIPS 140-2 approved
	    ones when the BIG-IP boots up in FIPS 140-2 mode. This is
	    read-only for the user. The default value is 0.

       port
	    Specifies the TCP port on which sshd runs. It is a number in the
	    range of 1 to 65535. The default value is 22.
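
       An added example, not part of the F5 manual: a Python check that reads
       the output of list sshd all-properties and reports the settings that
       the option descriptions above mark as permissive (allow all or none,
       inactivity-timeout 0, log-level quiet, banner disabled, a non-empty
       include). The listing layout and the sample values are constructed
       assumptions.

```python
import re

# Constructed sample of `list sshd all-properties` output. The layout (one
# "option value" pair per indented line inside braces) is an assumption.
SAMPLE = """\
sys sshd {
    allow { ALL }
    banner disabled
    inactivity-timeout 0
    include none
    log-level quiet
    login enabled
    port 22
}
"""

def parse_sshd(text):
    """Parse an indented 'option value' listing into a dict."""
    props = {}
    for line in text.splitlines():
        m = re.match(r"\s+([a-z-]+)\s+(.*\S)", line)
        if not m:
            continue  # object header, closing brace, blank line
        key, val = m.groups()
        if val.startswith("{") and val.endswith("}"):
            val = val[1:-1].split()  # brace list -> list of entries
        props[key] = val
    return props

def audit(props):
    """Return (option, finding) pairs based on the defaults this page documents."""
    out = []
    allow = props.get("allow", ["all"])  # documented default is all
    allow = [allow] if isinstance(allow, str) else allow
    if any(a.lower() in ("all", "none") for a in allow):
        out.append(("allow", "no source restriction; none also allows all"))
    if props.get("login", "enabled") == "enabled" and int(props.get("inactivity-timeout", 0)) == 0:
        out.append(("inactivity-timeout", "0 disables the idle logout"))
    if props.get("log-level") == "quiet":
        out.append(("log-level", "quiet logs no sshd messages"))
    if props.get("banner", "disabled") == "disabled":
        out.append(("banner", "no login banner is displayed"))
    if props.get("include", "none") != "none":
        out.append(("include", "include text is not validated by the system"))
    return out

if __name__ == "__main__":
    for option, finding in audit(parse_sshd(SAMPLE)):
        print(f"{option}: {finding}")
```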

SEE ALSO
       edit, list, modify, show, tmsh

COPYRIGHT
       No part of this program may be reproduced or transmitted in any form or
       by any means, electronic or mechanical, including photocopying,
       recording, or information storage and retrieval systems, for any
       purpose other than the purchaser's personal use, without the express
       written permission of F5 Networks, Inc.

       F5 Networks and BIG-IP (c) Copyright 2009-2010, 2012-2013, 2016. All
       rights reserved.



BIG-IP				  2016-03-14			   sys sshd(1)