Specifying allowable IP ranges for SSH access

Information

You can update the SSH access list from both the Configuration utility and the command line.

Solution

1. Log in to the Configuration utility.
2. Go to System > Platform.
3. For SSH IP Allow, select Specify Range and then enter the IP addresses or address ranges for the remote systems allowed to use SSH to communicate with this system.
Important: Separate the IP address entries with a space. If you separate the IP addresses with a comma, a non-working entry is added to the /etc/hosts.allow file which potentially prevents you from reconnecting to the network through SSH.

For example, to restrict access to only systems on the 192.168.0.0 network, and host 10.10.10.1, enter the IP addresses in the following format:

192.168.*.* 10.10.10.1

4. Select Update.

See Also

https://support.f5.com/csp/article/K53108777#link_01

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-5, CAT|I, CCI|CCI-002385, Rule-ID|SV-74647r1_rule, STIG-ID|F5BI-DM-000239, Vuln-ID|V-60217

Plugin: F5

Control ID: 5c2aa3994cb2e989065bc28dda9d924ff8484087a72713a6508ff374139c6933