Forum Discussion

Teddy_Brewski's avatar
Icon for Nimbostratus rankNimbostratus
Jun 29, 2022

SFTP VIP and host keys


We have a VIP handling SFTP traffic with two backend servers in the pool.  The VIP doesn't have any special SSH profiles assigned.

Everything is working fine with host keys changing depending on the BE, but we faced with one client that can't supress or ignore warnings during host key changes.

Is there any way we can proxy a host key in the VIP configuration or it requires SSH profile?

As a workaround, can anyone share an example of iRule that can force to use a particular pool member (or particular pool) based on the source IP?

Thank you in advance.

1 Reply

  • Joe851's avatar
    Icon for Nimbostratus rankNimbostratus

    A host key is the SFTP server's public key. Ensuring the SFTP server is validated is an important aspect of the SFTP protocol. It is designed to protect against man-in-the-middle attacks where the hacker intercepts and relays an impersonated message to the other party.