Forum Discussion
How to pass client IP onto access logs for TCP (port:22) connections?
We have Bitbucket installed and we would like to capture the client IP address for every SSH Git operation. We were able to capture the client IP for HTTP Git operations. We have Apache httpd configured and we added the following configuration to make it work (under the "IfModule log_config_module" section).
RemoteIPHeader x-client-ip
RemoteIPInternalProxy
LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" %% %T %D" combined
LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %% %T %D SSL: %{SSL_PROTOCOL}x %{SSL_CIPHER}x" combined-ssl
With this, we're able to capture the client IP for all Git operations over HTTP. But we're not able to get the client IP for SSH Git operations. Currently, it is capturing the LTM IP in the access logs.
- kvshreyas8_3415 (Nimbostratus)
Tried the following, but they do not work for our architecture.
 
https://devcentral.f5.com/s/feed/0D51T00006j2herSAA
 
https://devcentral.f5.com/s/feed/0D51T00006i7VPnSAM
 
Reasons: We cannot enable the F5s remotely to send syslog to each server with this requirement.
 
Disabling automap will cause the connection to not work at all as our architecture requires SNATTing for routing to work.
 
Hi kvshreyas8,
The SSH protocol does not provide an "X-Forwarded-For" or "X-Client-IP" feature like the HTTP protocol does.
The only chance I currently see to still meet your requirements is to inject the original Client-IP into the initial cleartext Client/Version exchange of the SSH conversation (it's the first TCP packet sent by the client to the server).
The outcome of this injection technique would then still depend on the logging abilities of your SSH server. If the SSH server is able to log the SSH-User-Agent/Version string passed during SSH negotiation, then you could somehow parse the original client IP out of those log lines...
Cheers, Kai
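The log-parsing half of the approach in the reply above, as an added example that is not part of the original thread. It assumes a hypothetical `client-ip=<addr>` tag appended by the proxy to the end of the SSH version string, and OpenSSH-style sshd log lines that record both the peer address and the remote software version; the sample lines are constructed.

```python
import ipaddress
import re

# Assumption: the proxy appends "client-ip=<addr>" to the end of the SSH
# identification string, and sshd logs that string next to the peer address.
TAG = re.compile(r"(?:^|\s)client-ip=(\S+)")
CONN = re.compile(r"sshd\[(\d+)\]: Connection from (\S+) port \d+")
VERS = re.compile(r"sshd\[(\d+)\]: .*remote software version (.*)$")


def original_clients(log_lines, trusted_proxies):
    """Return {sshd pid: client IP}, honouring the tag only behind a proxy.

    The version string is client-controlled, so a tag is accepted only when
    the TCP peer is a trusted proxy (the role RemoteIPInternalProxy plays for
    HTTP); in every other case the logged peer address is kept.
    """
    nets = [ipaddress.ip_network(n) for n in trusted_proxies]
    peers, result = {}, {}
    for line in log_lines:
        conn, vers = CONN.search(line), VERS.search(line)
        if conn:
            peers[conn.group(1)] = result[conn.group(1)] = conn.group(2)
        elif vers and vers.group(1) in peers:
            pid, tags = vers.group(1), TAG.findall(vers.group(2))
            try:
                peer = ipaddress.ip_address(peers[pid])
                if tags and any(peer in n for n in nets):
                    # Last tag wins: it is the one the proxy appended, any
                    # earlier one came from the client itself.
                    result[pid] = str(ipaddress.ip_address(tags[-1]))
            except ValueError:
                pass  # unparsable peer or tag value: keep the peer address
    return result


# Constructed sample lines using documentation address ranges.
P = "Jan 10 09:00:0%d git1 sshd[%d]: "
V = "debug1: Remote protocol version 2.0, remote software version "
SAMPLE = [
    P % (1, 4101) + "Connection from 192.0.2.10 port 40112 on 192.0.2.50 port 22",
    P % (1, 4101) + V + "OpenSSH_8.9 client-ip=203.0.113.7",
    P % (5, 4102) + "Connection from 198.51.100.23 port 51000 on 192.0.2.50 port 22",
    P % (5, 4102) + V + "OpenSSH_8.9 client-ip=10.1.1.1",
    P % (9, 4103) + "Connection from 192.0.2.10 port 40113 on 192.0.2.50 port 22",
    P % (9, 4103) + V + "JGit client-ip=10.9.9.9 client-ip=203.0.113.44",
]
```

With `192.0.2.10/32` as the only trusted proxy, the tag is ignored for the connection that did not arrive through it, and a tag the client placed in its own banner is overridden by the one appended after it.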