Manual Chapter : Creating a WebSSH Resource

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 16.0.0
Manual Chapter

Creating a WebSSH Resource

You need to have developed an Authentication Configuration before you can create a WebSSH Resource.
Next, you create a WebSSH Resource which represents an application or other information that exists on a backend server and is secured by SSH.
  1. On the Main tab, click
    Access
    Ephemeral Authentication
    WebSSH Configuration
    Resource
    .
  2. Click
    Create
    .
  3. For
    Name
    , type a name for the WebSSH Resource.
  4. For
    Destination
    , specify the WebSSH Resource destination (backend server):
    1. Select either
      Host Name
      or
      IP Address
      .
    2. Type the address. For
      Host Name
      , type a fully qualified domain name (FQDN). For
      IP Address
      , both IPv4 and IPv6 addresses are supported. Example for IPv4: 10.0.0.1; and for IPv6: 2001::1.
  5. For
    Port
    , specify the SSH port on the backend server; typically, port 22 (the default).
  6. Select
    Publish on Webtop
    so the WebSSH resource is listed on the webtop.
  7. For
    Authentication Configuration
    , select the name of the Authentication Configuration to use for the WebSSH Resource.
    If not specified, the resource uses the Authentication Configuration selected in the Access Configuration that is associated with the virtual server.
  8. For customization settings, you can specify a
    Caption
    for the WebSSH Resource that will appear on the webtop, and an optional
    Image
    .
  9. Click
    Save
    .
The WebSSH Resource is created. Later, you will need to configure a WebSSH Resource in an Advanced Resource Assignment agent that is part of the access policy associated with the Ephemeral Authentication virtual server. The access policy should also contain SSO Credential Mapping with WebSSH Resources.
Next, configure the LDAP Authentication Configuration needed for authenticating the users accessing the backend server. If the backend resources also use RADIUS, you can also create a RADIUS Proxy and a RADIUS Authentication Configuration.