Forum Discussion
Altocumulusssh to specific partition
is it possible to ssh directly to a specific LTM partition instead of common one?
i have big-ip 3600 10.2 with LTM and ASM modules ?
thank you.
7 Replies
hoolioCirrostratus
Hi Omar,
The SSH daemon is not specific to an admin partition. Can you clarify what you're trying to do? Is this for full bash CLI access or limited shell like tmsh?
Aaron
OMHi Aaron,it is for limited tmsh...
Actually, I have 2 partitions in LTM (pre_prod and prod), and I need to navigate from one partition to another using the console for debugging purposes (ping, telnet, curl ...).
tmsh-->util-->run ping something like that
thanks.
- hoolioMaybe this:
modify auth partition default-route-domain
http://devcentral.f5.com/Community/GroupDetails/tabid/1082223/aff/70/afv/topic/aft/1177275/afc/1225641/Default.aspx
Aaron - OMit didn't work...
In other technologies, we use (switchto context) command line, I guess in F5, it's not that simple.
let me recap: If I need to ping a host in a specific routing domain (partition), I have to go with auth command in order to access that routing domain, then I can initiate the ping ?? am i wrong ?
- hoolioUnfortunately, I don't think it's that simple with routing domains. See SOL10467 for some less than elegant options:
sol10467: Userland applications on a BIG-IP system cannot connect to hosts in non-default route domains
http://support.f5.com/kb/en-us/solutions/public/10000/400/sol10467.html
Aaron 
david_20523Nimbostratus
I wrote this for telnet in route domains but it would be easy to change it for SSH and other bash tools. I found it easier than keep doing ipv6 convertsmodify script telnet { proc script::run {} { set base_record [split $tmsh::argv ] set ipdomain [lindex $base_record 1] set ip_domain [split $ipdomain "%" ] set ip_addr [lindex $ip_domain 0] set domain [lindex $ip_domain 1] set hex_domain [format %04x $domain] set port [lindex $base_record 2 ] set string [list "2620:0000:0c10:f501:0000:$hex_domain:$ip_addr"] if {$tmsh::argc eq 2} { catch {exec telnet "$string"} result } else { catch {exec telnet "$string" "$port"} result } puts "$result" if {$base_record eq "telnet" } { puts "You must supply at least a IP address and route domain" } } proc script::help {} { tmsh::add_help "This will allow telnet to connect to a IP within a route domain\n\nUsage telnet <%route_domain_id> <%route_domain_id> " } }- david_20523I wrote this for telnet in route domains but it would be easy to change it for SSH and other bash tools. I found it easier than keep doing ipv6 converts
modify script telnet {
proc script::run {} {
set base_record [split $tmsh::argv ]
set ipdomain [lindex $base_record 1]
set ip_domain [split $ipdomain "%" ]
set ip_addr [lindex $ip_domain 0]
set domain [lindex $ip_domain 1]
set hex_domain [format %04x $domain]
set port [lindex $base_record 2 ]
set string [list "2620:0000:0c10:f501:0000:$hex_domain:$ip_addr"]
if {$tmsh::argc eq 2} {
catch {exec telnet "$string"} result
} else {
catch {exec telnet "$string" "$port"} result
}
puts "$result"
if {$base_record eq "telnet" } {
puts "You must supply at least a IP address and route domain"
}
}
proc script::help {} {
tmsh::add_help "This will allow telnet to connect to a IP within a route domain\n\nUsage telnet <%route_domain_id> }
proc script::tabc {} {
puts "required values <%route_domain_id> "
}
}
