Details
You can update the SSH access list from both the Configuration utility and the command line.
Solution
1. Log in to the Configuration utility.
2. Go to System > Platform.
3. For SSH IP Allow, select Specify Range and then enter the IP addresses or address ranges for the remote systems allowed to use SSH to communicate with this system.
Important: Separate the IP address entries with a space. If you separate the IP addresses with a comma, a non-working entry is added to the /etc/hosts.allow file which potentially prevents you from reconnecting to the network through SSH.
For example, to restrict access to only systems on the 192.168.0.0 network, and host 10.10.10.1, enter the IP addresses in the following format:
192.168.*.* 10.10.10.1
4. Select Update.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system F5.
References
- 800-53|SC-5
- CAT|I
- CCI|CCI-002385
- Rule-ID|SV-74647r1_rule
- STIG-ID|F5BI-DM-000239
- Vuln-ID|V-60217