Last Modified: Jul 13, 2024
Affected Product(s):
BIG-IP TMOS
Known Affected Versions:
12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 13.1.3.5, 13.1.3.6, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 16.0.0, 16.0.0.1, 16.0.1, 16.0.1.1, 16.0.1.2
Fixed In:
16.1.0, 15.1.1, 14.1.4, 13.1.4
Opened: May 09, 2018 Severity: 4-Minor
There is no limit to the number of users that can login concurrently onto a BIG-IP system.
System can potentially run out of memory.
Multiple users are logged into the BIG-IP device through SSH at the same time.
Provide a way to limit the number of concurrent user SSH sessions.
There are new db variables available for specifying SSH session limits, overall, per-user, and for a specific user. -- Command: modify sys global-settings ssh-session-limit [enable/disable] Specifies enable/disable of ssh session limit feature. + Enables the feature; feature is functional with default values. + Defaults: feature is not enabled for admin/root privileged user. + Total session limit for all users is 10 sessions. -- Command: modify sys global-settings ssh-root-session-limit [enable/disable] Specifies enable/disable of SSH session limit feature for root user. + Enables feature for admin/root privileged user. + Total session limit for all users is still 10 sessions. -- Command: modify sys global-settings ssh-max-session-limit <value> Specifies a global maximum number of SSH sessions. + Changes the default global setting limit of 10 to the specified value. -- Command: modify sys global-settings ssh-max-session-limit-per-user <value> Specifies a global maximum number of SSH sessions for each user. + Sets the maximum session limit per user. + Total sessions on the system are still enforced by the setting for ssh-max-session-limit. -- Command: create auth user <> session-limit <value> Specifies a user-specific SSH sessions limit. + Sets the maximum number of sessions for a particular user. + Total sessions on the system are still enforced by the setting for ssh-max-session-limit.
There are new db variables available for specifying SSH session limits, overall, per-user, and for a specific user. -- Command: modify sys global-settings ssh-session-limit [enable/disable] Specifies enable/disable of ssh session limit feature. + Enables the feature; feature is functional with default values. + Defaults: feature is not enabled for admin/root privileged user. + Total session limit for all users is 10 sessions. -- Command: modify sys global-settings ssh-root-session-limit [enable/disable] Specifies enable/disable of SSH session limit feature for root user. + Enables feature for admin/root privileged user. + Total session limit for all users is still 10 sessions. -- Command: modify sys global-settings ssh-max-session-limit <value> Specifies a global maximum number of SSH sessions. + Changes the default global setting limit of 10 to the specified value. -- Command: modify sys global-settings ssh-max-session-limit-per-user <value> Specifies a global maximum number of SSH sessions for each user. + Sets the maximum session limit per user. + Total sessions on the system are still enforced by the setting for ssh-max-session-limit. -- Command: create auth user <> session-limit <value> Specifies a user-specific SSH sessions limit. + Sets the maximum number of sessions for a particular user. + Total sessions on the system are still enforced by the setting for ssh-max-session-limit.