For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Configuring the BIG-IP as an SSH Jump Server using Smart Card Authentication and WebSSH Client

Based on the feedback I got when talking about this capability on social media, I figured I would write an article and expose everyone to what this solution actually looks like and how to deploy it. ...
Published Jul 12, 2018
Version 1.0
application delivery
BIG-IP Access Policy Manager (APM)
iRulesLX
security
Steve_Lyons's avatar
Ret. Employee
My name is Steve Lyons and I reside in Tampa, FL with my 3 children, wife and Frenchie. We live the typical Florida life of swimming, fishing, boating, and BBQ. I started my F5 journey as a customer in 2009 where I was first introduced to it as a "load balancer." I have since deployed and maintained all modules realizing the BIG-IP is so much more. I joined F5 in 2015 where I have made it a personal mission to educate as many people as I can so they too can take advantage of the tremendous potential of the BIG-IP.
View Profile
Steve_Lyons's avatar
Ret. Employee
My name is Steve Lyons and I reside in Tampa, FL with my 3 children, wife and Frenchie. We live the typical Florida life of swimming, fishing, boating, and BBQ. I started my F5 journey as a customer in 2009 where I was first introduced to it as a "load balancer." I have since deployed and maintained all modules realizing the BIG-IP is so much more. I joined F5 in 2015 where I have made it a personal mission to educate as many people as I can so they too can take advantage of the tremendous potential of the BIG-IP.
View Profile
Steve_Lyons's avatar
Steve_Lyons
Ret. Employee
Jan 10, 2019

Hi Scott. So the real intent of this solution was to support those that may not support smart card or Kerberos. With that, I don't see why configuring Kerberos SSO would be an issue. Create your own access policy with Kerberos SSO that still uses the WebSSH client. I will see if I can set this up in my lab and share.