bigip_security_ssh_profile_rules – Manage SSH proxy security profile rules on a BIG-IP
New in version 1.13.0.
Parameters
Parameter | Choices/Defaults | Configuration | Comments
---|---|---|---
action (dictionary) | | | Specifies the action of the rule which is to be applied to the SSH security profile.
action.agent (dictionary) | | | Defines the use of an ssh-agent over the SSH tunnel. Agent forwarding specifies the chain of SSH connections and forwards key challenges back to the original agent, removing the need for passwords or private keys on intermediate machines.
action.agent.control (string) | | | When set to allow, allows setup of the session for the selected SSH channel action. When set to disallow, the SSH channel action is denied and a command not accepted message is sent. When set to terminate, the SSH connection is terminated with a reset message when the selected channel action is received. When set to unspecified, no action is taken.
action.agent.log (boolean) | | | Specifies if logging should be enabled for the selected SSH action.
action.forward_local (dictionary) | | | Defines the use of -L to do local port forwarding over the SSH tunnel.
action.forward_local.control (string) | | | When set to allow, allows setup of the session for the selected SSH channel action. When set to disallow, the SSH channel action is denied and a command not accepted message is sent. When set to terminate, the SSH connection is terminated with a reset message when the selected channel action is received. When set to unspecified, no action is taken.
action.forward_local.log (boolean) | | | Specifies if logging should be enabled for the selected SSH action.
action.forward_remote (dictionary) | | | Defines the use of -R to do remote port forwarding over the SSH tunnel.
action.forward_remote.control (string) | | | When set to allow, allows setup of the session for the selected SSH channel action. When set to disallow, the SSH channel action is denied and a command not accepted message is sent. When set to terminate, the SSH connection is terminated with a reset message when the selected channel action is received. When set to unspecified, no action is taken.
action.forward_remote.log (boolean) | | | Specifies if logging should be enabled for the selected SSH action.
action.forward_x11 (dictionary) | | | Defines the use of X11 forwarding over the SSH tunnel.
action.forward_x11.control (string) | | | When set to allow, allows setup of the session for the selected SSH channel action. When set to disallow, the SSH channel action is denied and a command not accepted message is sent. When set to terminate, the SSH connection is terminated with a reset message when the selected channel action is received. When set to unspecified, no action is taken.
action.forward_x11.log (boolean) | | | Specifies if logging should be enabled for the selected SSH action.
action.name (string, required) | | | Name of the action to be created or modified.
action.other (dictionary) | | | Defines the use of other SSH commands on the SSH connection.
action.other.control (string) | | | When set to allow, allows setup of the session for the selected SSH channel action. When set to disallow, the SSH channel action is denied and a command not accepted message is sent. When set to terminate, the SSH connection is terminated with a reset message when the selected channel action is received. When set to unspecified, no action is taken.
action.other.log (boolean) | | | Specifies if logging should be enabled for the selected SSH action.
action.rexec (dictionary) | | | Defines the use of rexec remote execution commands over the SSH tunnel.
action.rexec.control (string) | | | When set to allow, allows setup of the session for the selected SSH channel action. When set to disallow, the SSH channel action is denied and a command not accepted message is sent. When set to terminate, the SSH connection is terminated with a reset message when the selected channel action is received. When set to unspecified, no action is taken.
action.rexec.log (boolean) | | | Specifies if logging should be enabled for the selected SSH action.
action.scp_down (dictionary) | | | Defines the use of Secure Copy to copy files from a remote directory to a local directory over the SSH tunnel.
action.scp_down.control (string) | | | When set to allow, allows setup of the session for the selected SSH channel action. When set to disallow, the SSH channel action is denied and a command not accepted message is sent. When set to terminate, the SSH connection is terminated with a reset message when the selected channel action is received. When set to unspecified, no action is taken.
action.scp_down.log (boolean) | | | Specifies if logging should be enabled for the selected SSH action.
action.scp_up (dictionary) | | | Defines the use of Secure Copy to copy files from a local directory to a remote directory over the SSH tunnel.
action.scp_up.control (string) | | | When set to allow, allows setup of the session for the selected SSH channel action. When set to disallow, the SSH channel action is denied and a command not accepted message is sent. When set to terminate, the SSH connection is terminated with a reset message when the selected channel action is received. When set to unspecified, no action is taken.
action.scp_up.log (boolean) | | | Specifies if logging should be enabled for the selected SSH action.
action.sftp_down (dictionary) | | | Defines the use of Secure File Transfer Protocol to download files over the SSH tunnel.
action.sftp_down.control (string) | | | When set to allow, allows setup of the session for the selected SSH channel action. When set to disallow, the SSH channel action is denied and a command not accepted message is sent. When set to terminate, the SSH connection is terminated with a reset message when the selected channel action is received. When set to unspecified, no action is taken.
action.sftp_down.log (boolean) | | | Specifies if logging should be enabled for the selected SSH action.
action.sftp_up (dictionary) | | | Defines the use of Secure File Transfer Protocol to upload files over the SSH tunnel.
action.sftp_up.control (string) | | | When set to allow, allows setup of the session for the selected SSH channel action. When set to disallow, the SSH channel action is denied and a command not accepted message is sent. When set to terminate, the SSH connection is terminated with a reset message when the selected channel action is received. When set to unspecified, no action is taken.
action.sftp_up.log (boolean) | | | Specifies if logging should be enabled for the selected SSH action.
action.shell (dictionary) | | | Defines the use of the shell command to open an SSH shell channel type.
action.shell.control (string) | | | When set to allow, allows setup of the session for the selected SSH channel action. When set to disallow, the SSH channel action is denied and a command not accepted message is sent. When set to terminate, the SSH connection is terminated with a reset message when the selected channel action is received. When set to unspecified, no action is taken.
action.shell.log (boolean) | | | Specifies if logging should be enabled for the selected SSH action.
action.sub_system (dictionary) | | | Defines the use of the subsystem command to invoke remote commands that are defined on the server over the SSH tunnel.
action.sub_system.control (string) | | | When set to allow, allows setup of the session for the selected SSH channel action. When set to disallow, the SSH channel action is denied and a command not accepted message is sent. When set to terminate, the SSH connection is terminated with a reset message when the selected channel action is received. When set to unspecified, no action is taken.
action.sub_system.log (boolean) | | | Specifies if logging should be enabled for the selected SSH action.
name (string, required) | | | Specifies the name of the rule that will be applied to the SSH security profile.
partition (string) | Default: "Common" | | Device partition to manage resources on.
profile_name (string, required) | | | Specifies the name of the SSH security profile to which this rule applies.
state (string) | | | When present, ensures the SSH proxy security profile rule is created. When absent, ensures the SSH proxy security profile rule is removed.
users (list, elements=string) | | | Specifies the list of users to be added to the SSH proxy permissions list.
Examples
- name: Create ssh profile rule
  bigip_security_ssh_profile_rules:
    name: test_rule_1
    users:
      - test_user_1
      - test_user_2
    profile_name: test_ssh
    action:
      name: test_action
      shell:
        control: allow
        log: true
      forward_x11:
        control: terminate
        log: true

- name: Modify ssh profile rule, add action
  bigip_security_ssh_profile_rules:
    name: test_rule_1
    users:
      - test_user_1
      - test_user_2
    profile_name: test_ssh
    action:
      name: test_action
      shell:
        control: allow
        log: true
      forward_x11:
        control: terminate
        log: true
      other:
        control: terminate
        log: true

- name: Delete ssh profile rule
  bigip_security_ssh_profile_rules:
    name: test_rule_1
    profile_name: test_ssh
    state: absent
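
An added example, not part of the module's own documentation: a rule that permits only a logged interactive shell and uses the disallow and terminate controls from the parameter table for every other channel action it sets. The rule, action and user names are placeholders, and connection settings are omitted as in the examples above.

```yaml
# Added example; rule, action and user names are placeholders (assumptions).
- name: Limit administrators to a logged interactive shell
  bigip_security_ssh_profile_rules:
    name: admin_shell_only
    profile_name: test_ssh
    users:
      - test_user_1
    action:
      name: shell_only_action
      # The interactive shell is the only channel action allowed, and it is logged.
      shell:
        control: allow
        log: true
      # Tunnelling channels: deny the request (command not accepted) and log it.
      agent:
        control: disallow
        log: true
      forward_local:
        control: disallow
        log: true
      forward_remote:
        control: disallow
        log: true
      forward_x11:
        control: disallow
        log: true
      # File transfer in either direction is denied and logged.
      scp_up:
        control: disallow
        log: true
      scp_down:
        control: disallow
        log: true
      sftp_up:
        control: disallow
        log: true
      sftp_down:
        control: disallow
        log: true
      # Remote execution and other SSH commands reset the connection.
      rexec:
        control: terminate
        log: true
      other:
        control: terminate
        log: true
      # sub_system is not set in this example.
    state: present
```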
Return Values
The following are the fields unique to this module:
Key | Returned | Description
---|---|---
action (dictionary) | changed | The action rule that is applied to the SSH security profile. Sample: hash/dictionary of values
users (list) | changed | The list of users to be added to the SSH proxy permissions list. Sample: ['...', '...']