Forum Discussion
Help with SFTP iRule
Has anyone out ever written an iRule for SFTP. I know it isnt supported on LTM natively today but I figured it can probably be accomplished with an iRule. I am just having a little troubel figuring out where to start.
Any assistance would greatly be appreciated.
hoolioCirrostratus
Couldn't you just define a VIP on port 22? Is there something in particular you're trying to accomplish with a rule?
Aaron- I actually want to offload the encryption on the BIG-IP and pass unencrypted to the Tumbleweed Servers.
- hoolioI've never heard of any iRule functionality for decrypting SSH (or SCP/SFTP) traffic. There is an existing CR requesting this functionality for LTM: CR47551.
You could contact your F5 salesperson and ask them to request this functionality be added to a future release.
Aaron - I don't believe this is going to work the way you expect it to.
SFTP is not the same thing as FTPS.
In SFTP data is sent over an encrypted SSH tunnel. It is not merely encrypted data, as in the FTPS protocol.
The behavior is very different, and I don't believe it's something you'll be able to unencrypt at the BIG-IP layer.
Colin - I agree,
I didnt think it would be possible I wanted to see if someone had this working. What about FTPS? Has anyone ever written a rule for this? - I haven't ever seen one, but it might be possible provided the rest of the FTP protocol transmission is left intact, and is just wrapped in SSL encryption.
Colin
