Forum Discussion

kvshreyas8_3415's avatar
Icon for Nimbostratus rankNimbostratus
Nov 21, 2017

How to pass client IP onto access logs for TCP (port:22) connections?

We have bitbucket installed and we would want to capture client ip address for every ssh git operation. We were able to capture client IP for http git operation. We have apache httpd configured and we added the following configuration to make it work (under "IfModule log_config_module" section).

RemoteIPHeader x-client-ip


LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" %% %T %D" combined

LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %% %T %D SSL: %{SSL_PROTOCOL}x %{SSL_CIPHER}x" combined-ssl

By this, we're able to capture client IP for all git operations of http. But, we're not able to get the client IP for SSH Git operations. Currently, it is capturing LTM IP in the access logs.

2 Replies

  • Hi kvshreyas8,


    the SSH protocol does not provide such a "X-Forwarded-For" or "X-Client-IP" feature like the HTTP protocol does.


    The only chance I currently see to still meet your requirements, is to inject the original Client-IP into the initial cleartext Client/Version exchange of the SSH conversation (its the first TCP packet send by the client to the server).


    The outcome of this injection technique would then still depend on the logging abilities of your SSH server. If the SSH server is able to log the SSH-User-Agent/Version string passed during SSH negotiation, then you could somehow parse the original client IP out of those log lines...


    Cheers, Kai