You must create an SSH profile before
you can configure the permissions for that profile.
You configure rules for SSH proxy
permissions for the SSH profile. These rules specify what channel actions are allowed
for all users and for selected users. A channel action is an action on a
channel, A single SSH connection may contain multiple channels and actions, such as
Shell, SCP Up, and others. The channel actions you
can use in rules are shown in columns in the user interface.
Click the name of the SSH profile for which you want to configure
On the left, click SSH Proxy Permissions, and then click
the Create Rule button.
Each SSH profile has the rule DEFAULT ACTIONS defined, which initially allows
all listed permissions for all users with no logging enabled. You can modify the
permission and logging options for the DEFAULT ACTIONS rule. Review the DEFAULT
ACTIONS rule before you create a new rule for specific users.
A new row appears in the table of rules. The row contains a rule
template, including defaults, for the new rule.
Click the pencil icon next to the name of the rule to edit the default rule
In the Name field, type a more meaningful name for the
Create the list of SSH user accounts handled by the rule, by adding and
removing those accounts from the Users
- Add a new SSH user
account to the list by typing the account name in the empty
Users field, and then clicking +
to the right of that field.
- Delete an existing SSH
user account from the list by clicking X to the right
of the user account.
Review and, if needed, modify each SSH channel action.
can set each of the SSH channel actions listed in the table columns (such as
Shell, or Sub System) to one
of these options:
Allow permits the session to be set up for the
SSH channel action. This is the default.
Disallow denies an SSH channel action, and sends
a command not accepted message. Note that many SSH clients
disconnect when this occurs.
Terminate ends an SSH connection by sending a
reset message when a channel action is received.
Unspecified indicates that the DEFAULT ACTIONS
rule value be used for the rule. The DEFAULT ACTIONS rule is shown at the
bottom of the rule list.
To enable logging for any action, select the Log check
box below the SSH channel action.
Review your settings, and click Save.
The SSH proxy permissions are defined
for the SSH profile.
If they are not already defined, you
can now configure the authentication keys to complete the SSH profile.