I am currently facing an issue on my F5 BIG-IP. I have created a user with the Certificate Manager role and I would like to grant them access to the Bash command line. I have followed the recommended instructions, such as modifying the sshd_config file to allow access to Bash, but it still does not work for this user.
Can you help me resolve this issue? Are there any additional restrictions or configurations that I should modify to allow this user to access the Bash command line?
this is my f5 version
Edition Point Release 3
Date Thu Dec 22 12:07:59 PST 2022
Thank you for your help.
Unfortunately, I think you cannot give a non-admin user bash access. if you tried changing the terminal access on the user account, the only options for non-admin users are "disabled" and "tmsh". please check our the below link:
"By default, BIG-IP allows only remote users with Administrator role to access bash. Other remote user roles cannot be given direct access to advanced shell as they do not have an account defined in the /etc/passwd file, so a custom shell cannot be defined. As a result, the shell for all non-admin remote user roles defaults to tmsh."
"This is an expected behavior, however, local user who has Administrator or Resource Administrator roles can access bash."
I am following up on my previous inquiry about granting access to the Bash command line for a non-admin user on my F5 BIG-IP.
Following the instructions provided in the link you shared, I modified the sshd_config file to allow the user to access tmsh. However, after doing so, I am no longer able to log in with SSH using the non-admin user's credentials. I receive the following error message: "Connection closed by X.X.X.X port 22".
Could you please advise on how to resolve this issue and allow the user to log in with SSH while still granting access to tmsh? I would greatly appreciate any assistance you can provide.
Thank you for your time and help.
Try to rollback any changes in sshd_config file that you made and check ssh allow list in platform tab to ensure that there is no restrictions on the IP used when accessing the device. Also, as mentioned in the article, "local user who has Administrator or Resource Administrator roles can access bash." while other users, cna grant access to tmsh only.