Manual Chapter : Example: Proxy SSH traffic with an SSH Proxy profile

Applies To:

BIG-IP AFM

  • 15.0.1, 15.0.0

Configure an SSH proxy security profile to allow or deny SSH channel actions to specific users on a virtual server. In this example, the proxy profile disallows SCP uploads and downloads, and terminates the channel on REXEC commands for the root user. All data entered in this screen is example data, and may not work on your system.
  1. On the Main tab, click Security > Protocol Security > Security Profiles > SSH Proxy.
    The Protocol Security: Security Profiles: SSH Proxy screen opens.
  2. Click Create.
    The New SSH Profile screen opens.
  3. In the Profile Name field, type the name ssh_no_scp_terminate_rexec.
  4. Click Add New Rule to add a rule for the profile.
  5. In the Enter Rule Name field, type root_rules as the name for the rule.
  6. In the Users column, in the add new user field, type root, and click Add.
  7. From the SCP Up list, select Disallow.
  8. From the SCP Down list, select Disallow.
  9. From the REXEC list, select Terminate.
  10. To enable logging for the SSH actions, select the Log check boxes.
  11. Click Add Rule.
  12. When you are finished adding and editing rules, click Commit Changes to System.
The SSH proxy profile is saved to the system.
To use an SSH proxy profile with a virtual server, attach the profile to a virtual server on the Properties page, in the Configuration (Basic) settings.