I got logged in as root and still get the permissions issue, do I need to chmod something?
Use the bigpipe shell utility to make changes to the system configuration.
For more information, see bigpipe sshd help.
The strategy used for options in the default sshd_config shipped with
OpenSSH is to specify options with their default value where
possible.
Port 22
Protocol 2,1
Protocol 2
AddressFamily any
It's best to leave this setting as it is and use "bigpipe sshd allow".
An even better idea is to make sure that your self-IPs do not allow traffic
on port 22. This is the default, so installations are secure by default.
ListenAddress 0.0.0.0
ListenAddress ::
HostKey for protocol version 1
HostKey /config/ssh/ssh_host_key
HostKeys for protocol version 2
HostKey /config/ssh/ssh_host_rsa_key
HostKey /config/ssh/ssh_host_dsa_key
Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 1h
ServerKeyBits 768
Logging
obsoletes QuietMode and FascistLogging
SyslogFacility AUTH
LogLevel DEBUG
Authentication:
LoginGraceTime 2m
PermitRootLogin yes
StrictModes yes
MaxAuthTries 6
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
For this to work you will also need host keys in /config/ssh/ssh_known_hosts
RhostsRSAAuthentication no
similar for protocol version 2
HostbasedAuthentication no
Change to yes if you don't trust ~/.ssh/known_hosts for
RhostsRSAAuthentication and HostbasedAuthentication
IgnoreUserKnownHosts no
Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
F5 Note
Password authentication should be left on "no". The above desription
is not quite correct. "PasswordAuthentication yes" means that sshd
reads /etc/passwd and /etc/shadow. Instead, BigIP uses
"KeyboardInteractive" mode, which uses PAM authentication.
PasswordAuthentication no
PermitEmptyPasswords no
Change to no to disable s/key passwords
ChallengeResponseAuthentication yes
Kerberos options
KerberosAuthentication no
KerberosOrLocalPasswd yes
KerberosTicketCleanup yes
KerberosGetAFSToken no
GSSAPI options
GSSAPIAuthentication no
GSSAPICleanupCredentials yes
This is enabled, PAM authentication is allowed through the
ChallengeResponseAuthentication and PasswordAuthentication.
UsePAM no
UsePAM yes
AllowTcpForwarding yes
GatewayPorts no
X11Forwarding no
X11DisplayOffset 10
X11UseLocalhost yes
PrintMotd yes
PrintLastLog yes
TCPKeepAlive yes
UseLogin no
UsePrivilegeSeparation yes
PermitUserEnvironment no
Compression delayed
ClientAliveInterval 0
ClientAliveCountMax 3
ClientAliveInterval 60
ClientAliveCountMax 10
UseDNS yes
PidFile /var/run/sshd.pid
MaxStartups 10
PermitTunnel no
override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server