ameli
Mar 27, 2023

Request for assistance with granting Bash access to Certificate Manager user

Hello,

I am currently facing an issue on my F5 BIG-IP. I have created a user with the Certificate Manager role and I would like to grant them access to the Bash command line. I have followed the recommended instructions, such as modifying the sshd_config file to allow access to Bash, but it still does not work for this user.

Can you help me resolve this issue? Are there any additional restrictions or configurations that I should modify to allow this user to access the Bash command line?

This is my F5 version:
Sys::Version
Main Package
Product BIG-IP
Version 16.1.3.3
Build 0.0.3
Edition Point Release 3
Date Thu Dec 22 12:07:59 PST 2022
Thank you for your help.

3 Replies

  • Hello,

    Unfortunately, I think you cannot give a non-admin user bash access. If you tried changing the terminal access on the user account, the only options for non-admin users are "disabled" and "tmsh". Please check out the link below:

    "By default, BIG-IP allows only remote users with Administrator role to access bash. Other remote user roles cannot be given direct access to advanced shell as they do not have an account defined in the /etc/passwd file, so a custom shell cannot be defined. As a result, the shell for all non-admin remote user roles defaults to tmsh."

    "This is an expected behavior, however, local user who has Administrator or Resource Administrator roles can access bash."

    https://my.f5.com/manage/s/article/K89001433?utm_source=f5support&utm_medium=RSS

    Thanks,

     

    • ameli

      Hello,

      I am following up on my previous inquiry about granting access to the Bash command line for a non-admin user on my F5 BIG-IP.

      Following the instructions provided in the link you shared, I modified the sshd_config file to allow the user to access tmsh. However, after doing so, I am no longer able to log in with SSH using the non-admin user's credentials. I receive the following error message: "Connection closed by X.X.X.X port 22".

      Could you please advise on how to resolve this issue and allow the user to log in with SSH while still granting access to tmsh? I would greatly appreciate any assistance you can provide.

      Thank you for your time and help.

      Best regards,

  • Hello,

    Try to roll back any changes that you made in the sshd_config file, and check the SSH allow list in the Platform tab to ensure that there are no restrictions on the IP used when accessing the device. Also, as mentioned in the article, "local user who has Administrator or Resource Administrator roles can access bash", while other users can be granted access to tmsh only.

    Thanks,