Manual Chapter :
Example: Proxy
SSH traffic with an SSH Proxy profile
Applies To:
Show Versions
BIG-IP AFM
- 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0
Example: Proxy
SSH traffic with an SSH Proxy profile
Configure an SSH proxy security profile to allow or deny SSH channel actions to
specific users on a virtual server. In this example, the proxy profile disallows SCP
uploads and downloads, and terminates the channel on REXEC commands for the
root
user. All data entered in this screen is example data,
and may not work on your system.- On the Main tab, click .The Protocol Security: Security Profiles: SSH Proxy screen opens.
- ClickCreate.The New SSH Profile screen opens.
- In the Profile Name field, type the namessh_no_scp_terminate_rexec.
- ClickAdd New Ruleto add a rule for the profile.
- In the Enter Rule Name field, typeroot_rulesas the name for the rule.
- In the Users column, in theadd new userfield, typeroot, and clickAdd.
- From theSCP Uplist, selectDisallow.
- From theSCP Downlist, selectDisallow.
- From theREXEClist, selectTerminate.
- To enable logging for the SSH actions, select theLogcheck boxes.
- ClickAdd Rule.
- When you are finished adding and editing rules, clickCommit Changes to System.
The SSH proxy profile is saved to the system.
To use an SSH proxy profile with a virtual server, attach the profile to a virtual
server on the Properties page, in the
Configuration (Basic)
settings.
