Manual Chapter :
SSH proxy permissions
Applies To:
Show VersionsBIG-IP AFM
- 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0
SSH proxy permissions
In an SSH proxy profile, you can configure whether to Allow,
Disallow, or Terminate SSH proxy permissions. Non-default action rules include an Unspecified
option, which means use the Default Action. You can also choose to log the rule
actions.
Channel action | Description |
---|---|
Shell | Defines use of the shell command to establish an
interactive terminal (command line) session, or shell, on the remote host. It
determines whether the SSH proxy allows establishing interactive sessions.Note that
Shell depends on Other. If Other is disabled, users cannot obtain Shell
access. |
Sub System | Defines the use of the subsystem command, to invoke remote
commands that are defined on the server over the SSH tunnel. It allows SSH servers to
be configured to abstract certain commands and procedures. |
SFTP Up | Defines the use of Secure File Transfer Protocol ( sftp ) to upload (put ) files over the SSH tunnel. |
SFTP Down | Defines the use of Secure File Transfer Protocol ( sftp ) to download (get ) files over the SSH tunnel. |
SCP Up | Defines the use of Secure Copy ( scp ) to copy files from a local directory to a remote directory over the SSH tunnel. |
SCP Down | Defines the use of Secure Copy ( scp ) to copy files from a remote directory to a local directory over the SSH tunnel. |
Rexec | Defines the use of rexec remote execution commands over
the SSH tunnel. SSH can be configured to deny interactive sessions, while allowing
specific commands to execute on the remote host. |
Forward Local | Defines the use of the -L to do local port forwarding over
the SSH tunnel. That way, SSH can be used to set up an encrypted tunnel to a remote
host. |
Forward Remote | Defines the use of the -R to do remote port forwarding over
the SSH tunnel. That way, SSH can be used to set up an encrypted tunnel from a remote
host. |
Forward X11 | Defines the use of X11 forwarding over the SSH tunnel. |
Agent | Defines the use of ssh-agent over the SSH tunnel. Agent
forwarding specifies that the chain of SSH connections forwards key challenges back to
the original agent, removing the need for passwords or private keys on intermediate
machines. |
Other | Provides a catch-all category. Any channel type not
handled by another permission is handled here. If set to Disallow or Terminate, the
following channel types are also affected (Disallowed or Terminated): Shell, Agent,
X11, Local port forwarding, and Remote port forwarding.The Lang Env Tolerance setting
only takes effect when Other is set to Disallow or Terminate. |