You must create an SSH profile before you can configure the permissions for that profile.
You use the SSH Proxy Permissions tab to configure rules for SSH proxy permissions for the SSH profile. These rules specify what channel actions are allowed for all users and for selected users. A single SSH connection may contain multiple channels and actions, such as Shell, SCP Up, and
Log in to the BIG-IQ® Centralized Management system with your user name and password.
At the top left of the screen, select Network Security from the BIG-IQ menu.
Click Shared Security from the top menu bar, and then from the list on the left, click SSH Profiles.
Click the name of the SSH profile on which you want to configure
Click the SSH Proxy Permissions tab, and click Create
Each SSH profile has a DEFAULT ACTIONS rule defined, which initially allows all listed permissions for all users with no logging enabled. You can modify the permission and logging options for the DEFAULT ACTIONS rule. Review the DEFAULT ACTIONS rule before you create a new rule for specific users.
A new row appears in the table of rules. The row contains a rule template, including defaults, for the new rule.
Click the name of the rule to edit the default rule properties.
In the Name field, type a more meaningful name for the
Create the list of SSH user accounts handled by the rule, by adding and removing those accounts from the Users
- Add a new SSH user account to the list by typing the account name in the empty Users field, and then clicking + to the right of that field.
- Delete an existing SSH user account from the list by clicking X to the right of the user account.
Review and, if needed, modify each SSH channel action. You can set each of the SSH channel actions listed in the table columns (such as Shell, or Sub System) to one of these options:
- Allow permits the session to be set up for the SSH channel action. This is the default.
- Disallow denies an SSH channel action, and sends a command not accepted message. Note that many SSH clients disconnect when this occurs.
- Terminate ends an SSH connection by sending a reset message when a channel action is received.
To enable logging for any action, select the Log check box below the SSH channel action.
Review your settings, and click Save.
The SSH proxy permissions are defined for the SSH profile.
If not already defined, you can now configure the authentication keys to complete the SSH profile.
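
The rule behavior configured in the steps above, modeled in Python as an added example (this is not BIG-IQ code and does not use its API). It shows how Allow, Disallow and Terminate apply across the channels of one connection, and audits a profile for actions that are allowed without logging. The rule name `contractors`, the user `vendor1`, the log line format, and the assumption that a rule listing a user takes precedence over DEFAULT ACTIONS for that user are all hypothetical.

```python
from dataclasses import dataclass, field

ALLOW, DISALLOW, TERMINATE = "Allow", "Disallow", "Terminate"
ACTIONS = ("Shell", "SCP Up", "Sub System")  # only the channel actions named on this page

@dataclass
class Rule:
    name: str
    users: frozenset = frozenset()               # empty for DEFAULT ACTIONS (all users)
    actions: dict = field(default_factory=dict)  # action -> (option, log enabled)

    def setting(self, action):
        # Unset actions fall back to the documented default: Allow, Log unchecked.
        return self.actions.get(action, (ALLOW, False))

def rule_for(rules, default, user):
    """Assumption: a rule that lists the user wins over DEFAULT ACTIONS."""
    return next((r for r in rules if user in r.users), default)

def evaluate(rules, default, user, channel_actions):
    """Walk the channel actions of one SSH connection in order.
    Returns (results, log_lines) and stops at the first Terminate."""
    rule = rule_for(rules, default, user)
    results, logs = [], []
    for action in channel_actions:
        option, log = rule.setting(action)
        results.append((action, option))
        if log:  # constructed log format, for illustration only
            logs.append(f"user={user} rule={rule.name} action={action} result={option}")
        if option == TERMINATE:
            break  # the connection is reset, so later channel actions never run
    return results, logs

def audit(rules, default):
    """Flag every (rule, action) pair that is allowed with logging disabled."""
    return [(r.name, a) for r in [*rules, default] for a in ACTIONS
            if r.setting(a) == (ALLOW, False)]

# Constructed sample profile: an untouched DEFAULT ACTIONS rule plus one user rule.
DEFAULT = Rule("DEFAULT ACTIONS")
RULES = [Rule("contractors", frozenset({"vendor1"}), {
    "Shell": (ALLOW, True),
    "SCP Up": (DISALLOW, True),
    "Sub System": (TERMINATE, True),
})]

if __name__ == "__main__":
    print(evaluate(RULES, DEFAULT, "vendor1", ["Shell", "SCP Up", "Sub System", "Shell"]))
    print(audit(RULES, DEFAULT))
```

The audit result lists every action of the untouched DEFAULT ACTIONS rule, which is the reason the procedure says to review that rule before adding user-specific ones.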