For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

kvshreyas8_3415's avatar
kvshreyas8_3415
Icon for Nimbostratus rankNimbostratus
Nov 21, 2017

How to pass client IP onto access logs for TCP (port:22) connections?

We have bitbucket installed and we would want to capture client ip address for every ssh git operation. We were able to capture client IP for http git operation. We have apache httpd configured and w...
git
ip
iRules
LTM
port22
security
ssh
Kai_Wilke's avatar
Kai_Wilke
Icon for MVP rankMVP
Nov 21, 2017

Hi kvshreyas8,

 

the SSH protocol does not provide such a "X-Forwarded-For" or "X-Client-IP" feature like the HTTP protocol does.

 

The only chance I currently see to still meet your requirements, is to inject the original Client-IP into the initial cleartext Client/Version exchange of the SSH conversation (its the first TCP packet send by the client to the server).

 

The outcome of this injection technique would then still depend on the logging abilities of your SSH server. If the SSH server is able to log the SSH-User-Agent/Version string passed during SSH negotiation, then you could somehow parse the original client IP out of those log lines...

 

Cheers, Kai