Forum Discussion

  • Be sure you don't use Appliance mode. You can check it in your license file.

    You can also issue the commands below to check if it is allowed by sys.db settings.

    list sys db systemauth.disablebash
    list sys db systemauth.disablerootlogin
    
  • Not running in Appliance mode.

     

    The TMOS Manual only shows "tmsh" and "Other" as choices for Terminal Access; "Advanced shell" is no longer an option in 11.4.1 as it was for 10.2.4. There's no reference on what valid choices are for "Other". "bash" is not acceptable; "bpsh" gives you the same thing as tmsh.

     

    [root@d12lp-f69-lab-a:ModuleNotLicensed:Active:Standalone] config tmsh list sys db systemauth.disablebash
    sys db systemauth.disablebash { value "false" }
    [root@d12lp-f69-lab-a:ModuleNotLicensed:Active:Standalone] config tmsh list sys db systemauth.disablerootlogin
    sys db systemauth.disablerootlogin { value "false" }

     

    Thanks, Stan

     

  • OK, then the only way you can make this work is to create local accounts with the same name as the remotely authenticated accounts but no password and configured with Advanced Shell access. The blank password isn't a risk, as if the remote authentication fails, only the admin or root accounts can log in (I think, but worth testing).

     

  • I don't understand. The whole purpose of Remote Roles was to do away with that. And it works, they just took away the Advanced Shell choice on Terminal Access.

     

    What are valid choices for "Other"? It seems like bash should still be available.

     

  • I'm not aware of any that work. It is very frustrating, I know.

     

    This isn't to do with F5, it's related to core Linux functionality. As far as I'm aware this was also required in v10 and I think, if memory serves, even in v9.

     

  • UPDATE: I opened a support case on this issue, and got additional information.

     

    a) You can get to bash from tmsh by typing "run util bash"

    b) The 11.x BigIP TMOS: Implementations chapter Configuring Remote User Authentication and Authorization specifically lists Advanced Shell as an option, but it is not there (in 11.4.1, at least)

    c) The "Other" option only allows two choices, "enabled" and "disabled" (case sensitive)

    d) This is not a Linux auth. restriction, but rather an intentional design characteristic

    e) RFE 358740 "Allow bash shell for remote users" has been written to address this issue

     

  • This is what I understand...

    The shell program is not a configurable option. Since remote users do not have an account defined in the /etc/passwd file, a custom shell cannot be defined there either. As a result, the shell for remote users defaults to the tmsh or bigpipe shell, depending on the software version.
    

    sol10272: Accessing the bash shell as a remotely authenticated user

    http://support.f5.com/kb/en-us/solutions/public/10000/200/sol10272