f5networks.f5_bigip.bigip_security_ssh_profile (1.13.0) — module
Manage SSH proxy security profiles on a BIG-IP
Added in version 1.13.0 of f5networks.f5_bigip
Authors: Wojciech Wypior (@wojtek0806)
Install with ansible-galaxy collection install f5networks.f5_bigip:==1.13.0
collections:
  - name: f5networks.f5_bigip
    version: 1.13.0

Manage SSH proxy security profiles on a BIG-IP.

- hosts: all
  collections:
    - f5networks.f5_bigip
  connection: httpapi

  vars:
    ansible_host: "lb.mydomain.com"
    ansible_user: "admin"
    ansible_httpapi_password: "secret"
    ansible_network_os: f5networks.f5_bigip.bigip
    ansible_httpapi_use_ssl: yes

  tasks:
    - name: Create an SSH proxy profile
      bigip_security_ssh_profile:
        name: test_profile
        default_action:
          name: default_rule
          shell:
            control: disallow
            log: True
          sub_system:
            control: disallow
            log: True
          agent:
            control: terminate
            log: True
          other:
            control: terminate
            log: True
        lang_env_tolerance: common
        description: "this is a new profile"
        timeout: 180
        state: present

    - name: Modify an SSH proxy profile
      bigip_security_ssh_profile:
        name: test_profile
        default_action:
          name: default_rule
          shell:
            control: allow
            log: False
        timeout: 200
        state: present

    - name: Remove ssh proxy profile
      bigip_security_ssh_profile:
        name: test_profile
        state: absent

name:
  description:
    - Specifies the name of the SSH proxy security profile to manage.
  required: true
  type: str
state:
  choices:
    - absent
    - present
  default: present
  description:
    - When C(present), ensures the SSH proxy security profile is created.
    - When C(absent), ensures the SSH proxy security profile is removed.
  type: str
timeout:
  description:
    - Specifies a timeout for the SSH proxy, in seconds.
  type: int
partition:
  default: Common
  description:
    - Device partition to manage resources on.
  type: str
description:
  description:
    - Specifies descriptive text that identifies the SSH proxy profile.
  type: str
default_action:
  description:
    - Specifies the default action rule for the SSH proxy security profile.
    - When creating a new policy, this parameter must be specified otherwise failure occurs.
  suboptions:
    agent:
      description:
        - Defines the use of an ssh-agent over the SSH tunnel.
        - Agent forwarding specifies the chain of SSH connections, forwards key challenges back to the original agent, removing the need for passwords or private keys on intermediate machines.
      suboptions:
        control:
          choices:
            - allow
            - disallow
            - terminate
          description:
            - When set to C(allow), allows setup of the session for the selected SSH channel action.
            - When set to C(disallow), the SSH channel action is denied and a I(command not accepted) message is sent.
            - When set to C(terminate), the SSH connection is terminated with a reset message when the selected channel action is received.
          type: str
        log:
          description:
            - Specifies if logging should be enabled for the selected SSH action.
          type: bool
      type: dict
    forward_local:
      description:
        - Defines the use of the C(-L) to do local port forwarding over the SSH tunnel.
      suboptions:
        control:
          choices:
            - allow
            - disallow
            - terminate
          description:
            - When set to C(allow), allows setup of the session for the selected SSH channel action.
            - When set to C(disallow), the SSH channel action is denied and a I(command not accepted) message is sent.
            - When set to C(terminate), the SSH connection is terminated with a reset message when the selected channel action is received.
          type: str
        log:
          description:
            - Specifies if logging should be enabled for the selected SSH action.
          type: bool
      type: dict
    forward_remote:
      description:
        - Defines the use of the C(-R) to do remote port forwarding over the SSH tunnel.
      suboptions:
        control:
          choices:
            - allow
            - disallow
            - terminate
          description:
            - When set to C(allow), allows setup of the session for the selected SSH channel action.
            - When set to C(disallow), the SSH channel action is denied and a I(command not accepted) message is sent.
            - When set to C(terminate), the SSH connection is terminated with a reset message when the selected channel action is received.
          type: str
        log:
          description:
            - Specifies if logging should be enabled for the selected SSH action.
          type: bool
      type: dict
    forward_x11:
      description:
        - Defines the use of X11 forwarding over the SSH tunnel.
      suboptions:
        control:
          choices:
            - allow
            - disallow
            - terminate
          description:
            - When set to C(allow), allows setup of the session for the selected SSH channel action.
            - When set to C(disallow), the SSH channel action is denied and a I(command not accepted) message is sent.
            - When set to C(terminate), the SSH connection is terminated with a reset message when the selected channel action is received.
          type: str
        log:
          description:
            - Specifies if logging should be enabled for the selected SSH action.
          type: bool
      type: dict
    name:
      description:
        - Name of the C(default_action) rule to be created or modified.
      required: true
      type: str
    other:
      description:
        - Defines the use of other SSH commands on SSH connection.
      suboptions:
        control:
          choices:
            - allow
            - disallow
            - terminate
          description:
            - When set to C(allow), allows setup of the session for the selected SSH channel action.
            - When set to C(disallow), the SSH channel action is denied and a I(command not accepted) message is sent.
            - When set to C(terminate), the SSH connection is terminated with a reset message when the selected channel action is received.
          type: str
        log:
          description:
            - Specifies if logging should be enabled for the selected SSH action.
          type: bool
      type: dict
    rexec:
      description:
        - Defines the use of C(rexec) remote execution commands over the SSH tunnel.
      suboptions:
        control:
          choices:
            - allow
            - disallow
            - terminate
          description:
            - When set to C(allow), allows setup of the session for the selected SSH channel action.
            - When set to C(disallow), the SSH channel action is denied and a I(command not accepted) message is sent.
            - When set to C(terminate), the SSH connection is terminated with a reset message when the selected channel action is received.
          type: str
        log:
          description:
            - Specifies if logging should be enabled for the selected SSH action.
          type: bool
      type: dict
    scp_down:
      description:
        - Defines the use of Secure Copy to copy files from a remote directory to a local directory over the SSH tunnel.
      suboptions:
        control:
          choices:
            - allow
            - disallow
            - terminate
          description:
            - When set to C(allow), allows setup of the session for the selected SSH channel action.
            - When set to C(disallow), the SSH channel action is denied and a I(command not accepted) message is sent.
            - When set to C(terminate), the SSH connection is terminated with a reset message when the selected channel action is received.
          type: str
        log:
          description:
            - Specifies if logging should be enabled for the selected SSH action.
          type: bool
      type: dict
    scp_up:
      description:
        - Defines the use of Secure Copy to copy files from a local directory to a remote directory over the SSH tunnel.
      suboptions:
        control:
          choices:
            - allow
            - disallow
            - terminate
          description:
            - When set to C(allow), allows setup of the session for the selected SSH channel action.
            - When set to C(disallow), the SSH channel action is denied and a I(command not accepted) message is sent.
            - When set to C(terminate), the SSH connection is terminated with a reset message when the selected channel action is received.
          type: str
        log:
          description:
            - Specifies if logging should be enabled for the selected SSH action.
          type: bool
      type: dict
    sftp_down:
      description:
        - Defines the use of Secure File Transfer Protocol to download files over the SSH tunnel.
      suboptions:
        control:
          choices:
            - allow
            - disallow
            - terminate
          description:
            - When set to C(allow), allows setup of the session for the selected SSH channel action.
            - When set to C(disallow), the SSH channel action is denied and a I(command not accepted) message is sent.
            - When set to C(terminate), the SSH connection is terminated with a reset message when the selected channel action is received.
          type: str
        log:
          description:
            - Specifies if logging should be enabled for the selected SSH action.
          type: bool
      type: dict
    sftp_up:
      description:
        - Defines the use of Secure File Transfer Protocol to upload files over the SSH tunnel.
      suboptions:
        control:
          choices:
            - allow
            - disallow
            - terminate
          description:
            - When set to C(allow), allows setup of the session for the selected SSH channel action.
            - When set to C(disallow), the SSH channel action is denied and a I(command not accepted) message is sent.
            - When set to C(terminate), the SSH connection is terminated with a reset message when the selected channel action is received.
          type: str
        log:
          description:
            - Specifies if logging should be enabled for the selected SSH action.
          type: bool
      type: dict
    shell:
      description:
        - Defines use of the C(shell) command to open an SSH shell channel type.
      suboptions:
        control:
          choices:
            - allow
            - disallow
            - terminate
          description:
            - When set to C(allow), allows setup of the session for the selected SSH channel action.
            - When set to C(disallow), the SSH channel action is denied and a I(command not accepted) message is sent.
            - When set to C(terminate) the SSH connection is terminated with a reset message when the selected channel action is received.
          type: str
        log:
          description:
            - Specifies if logging should be enabled for the selected SSH action.
          type: bool
      type: dict
    sub_system:
      description:
        - Defines the use of the C(subsystem) command, to invoke remote commands that are defined on the server over the SSH tunnel.
      suboptions:
        control:
          choices:
            - allow
            - disallow
            - terminate
          description:
            - When set to C(allow), allows setup of the session for the selected SSH channel action.
            - When set to C(disallow), the SSH channel action is denied and a I(command not accepted) message is sent.
            - When set to C(terminate) the SSH connection is terminated with a reset message when the selected channel action is received.
          type: str
        log:
          description:
            - Specifies if logging should be enabled for the selected SSH action.
          type: bool
      type: dict
  type: dict
lang_env_tolerance:
  choices:
    - any
    - none
    - common
  description:
    - Determines which connections with LANG environment variables set are allowed to pass through if the SSH Proxy profile has the C(other) channel type action set.
    - When set to C(any), allows connections with any LANG environment value set.
    - When set to C(none), disallows all connections with the LANG environment variable set.
    - When set to C(common) allows only connections with the LANG environment value set to C(en_US.UTF-8) to pass through the C(other) restrictions.
    - This setting is in effect only if C(other) action is set to C(disallow) or C(terminate).
  type: str

default_action:
  description: The default action rule for SSH proxy security profile.
  returned: changed
  sample: hash/dictionary of values
  type: dict
description:
  description: Descriptive text that identifies the SSH proxy profile.
  returned: changed
  sample: this is a profile
  type: str
lang_env_tolerance:
  description: Determines which connections with LANG environment variables set are allowed to pass through.
  returned: changed
  sample: any
  type: str
timeout:
  description: The timeout for the SSH proxy.
  returned: changed
  sample: 200
  type: int
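
The channel-action options documented above can be checked before a task is applied. The following Python check is an added example, not code from the f5networks.f5_bigip collection: it lints one task's module arguments for channel actions that are not set explicitly, actions allowed without logging, and a lang_env_tolerance value that the documentation says has no effect. The function name audit_profile, the finding texts and both sample tasks are assumptions constructed for illustration.

```python
CHANNEL_ACTIONS = (
    "agent", "forward_local", "forward_remote", "forward_x11", "other",
    "rexec", "scp_down", "scp_up", "sftp_down", "sftp_up", "shell", "sub_system",
)
CONTROLS = ("allow", "disallow", "terminate")


def audit_profile(task_args):
    """Added example: return sorted findings for one task's module arguments."""
    findings = []
    action = task_args.get("default_action") or {}
    for channel in CHANNEL_ACTIONS:
        rule = action.get(channel)
        if rule is None:
            findings.append(f"{channel}: not set explicitly in the playbook")
            continue
        control = rule.get("control")
        if control not in CONTROLS:
            findings.append(f"{channel}: control {control!r} is not a documented choice")
        elif control == "allow" and not rule.get("log"):
            findings.append(f"{channel}: allowed without logging")
    # Per the module docs, lang_env_tolerance only applies when 'other'
    # is set to disallow or terminate.
    other = (action.get("other") or {}).get("control")
    if "lang_env_tolerance" in task_args and other not in ("disallow", "terminate"):
        findings.append("lang_env_tolerance: no effect unless 'other' is disallow or terminate")
    return sorted(findings)


# Constructed sample: the "Modify" task from the page's playbook example.
MODIFY_TASK = {
    "name": "test_profile",
    "default_action": {"name": "default_rule", "shell": {"control": "allow", "log": False}},
    "timeout": 200, "state": "present",
}

# Constructed sample: shell only, every other channel action terminated and logged.
strict = {c: {"control": "terminate", "log": True} for c in CHANNEL_ACTIONS}
strict["shell"] = {"control": "allow", "log": True}
STRICT_TASK = {
    "name": "jump_host_profile",  # hypothetical profile name
    "default_action": dict(strict, name="default_rule"),
    "lang_env_tolerance": "common",
    "state": "present",
}

if __name__ == "__main__":
    for label, task in (("modify", MODIFY_TASK), ("strict", STRICT_TASK)):
        print(label, audit_profile(task) or "no findings")
```
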