Forum Discussion

Kristian_89589's avatar
Kristian_89589
Icon for Nimbostratus rankNimbostratus
Apr 15, 2010

bash shell w/ TACACS+ authorisation

Hi,     I'm having some issues around getting directly into the 'bash' console with TACACS+ authorisation.   I have engaged F5, but I haven't had much assistance so far.     First off, ...
config
design
Kevin_Davies's avatar
Kevin_Davies
Icon for Nacreous rankNacreous
Oct 22, 2017

Direct advanced shell access for remote users is not available for the reasons already stated by F5 in K10272

 

If you want to support local shell access under specific user accounts then you have to create a local account on the BIG-IP. This means your automation needs to include this step in deploying a new advanced shell user. Specifically it needs to create a the local user account using tmsh or the api and specify the shell as advanced shell. This will then create the local user account that is required for this to work.

 

The reason they don't do this automatically is likely to be security. Every advanced shell user is a root level user. Their is no discrimination, nor any access control for root level users. Would you want external authentication systems triggering the creation of a root level user on your BIG-IP?