SSH profile

Question

I would like to distribute SSH connections to different servers based on the userID presented by the client.  Unfortunately that attribute is only exchanged once the cryptography is up and running within the SSH protocol.  I think this means that I would need  SSH profiles that behave in a similar fashion to the SSL profiles and ideally some iRule commands that allow me to easily access various attributes of the SSH protocol once it has been de-crypted.&nbsp;
Is there such a thing that I am unaware of?
Can anyone suggest an alternative approach?&nbsp;
Thanks,&nbsp;
Mark&nbsp;

nitass_89166 · Answer

i do not think it is possible as of now.&nbsp;

nitass · Answer

i do not think it is possible as of now.&nbsp;

sven_leupold_85 · Answer

No way. SSH is not SSL/TLS. It provides end to end integrity and cannot be intercepted. Only L4 balancing with persistence will solve it for you.&nbsp;

james_deucker_2 · Answer

This is possible from 12.1 onwards with the ssh profile&nbsp;
https://support.f5.com/kb/en-us/products/big-ip-afm/manuals/product/network-firewall-policies-implementations-12-1-0/13.print.html&nbsp;

james_deucker_2 · Answer

This is possible from 12.1 onwards with the ssh profile&nbsp;
https://support.f5.com/kb/en-us/products/big-ip-afm/manuals/product/network-firewall-policies-implementations-12-1-0/13.print.html&nbsp;

Forum Discussion

SSH profile

Recent Discussions

how to whitelist new source IP on F5 web UI access

F5 to read a combined CRL file

Upgrade F5 BIGIP

ISP Load Balancing, SNAT pool instead of Automap link self-ip, anyway to do health check ?

MAC address of deleted VS IP address still responsive

Related Content

Update your DevCentral user profile

SSL Profiles

DoS Profiles

Server Profile SNI

SaltStack Salt SSH Command Injection Vulnerability (CVE-2020-16846)

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS