SSH proxy implementation

Question

Hi , my scenario is -&nbsp;users need to connect to sftp server - via F5 -&nbsp;F5 has snat so sftp server cannot see real ip of users .i need to implement an allow list of username + client ip on F5 .on F5 i can see client IP - and if i implement ssh proxy - can i get username as well?thanks&nbsp;

keesvandenbos · Answer

Hi,You can restrict commands per username in the SSH proxy: SSH-Proxy
But it is not possible to restrict a client ip/username combination.I think you best chance is with an irule and data group, see this example: irule-to-pass-original-client-ip-in-ssh-proxy
Cheers,Kees

awan_m · Answer

Thnaks for the response&nbsp;Question - once i setup ssh proxy and it has the option to allow commands for users&nbsp;would i be able to log users - and then i can do a compare from datagroup and allow ip / user connections&nbsp;&nbsp;

awan_m · Answer

i have ssh proxy configured now - and ssh proxy is logging client ip and username
"ssh_serverside_auth_success","10.10.10.10","puser"
now the task how can i extract this information and compare it against a data group

with SSL - there are irule options to extract info with CLIENTSSL_DATA
how can i extract the username from ssh proxy ?

thanks

Forum Discussion

SSH proxy implementation

3 Replies

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Disabling signature for a URL

F5 rSeries || Upgrade tenant

Round-robin method not load balanced

F5 AI Roadmap

F5 object groups in AFM

Related Content

SSH Brute Force Protection with SSH Proxy

SSH forward proxy

CORS implementation

F5 XC Distributed Cloud DNS GSLB implementing Split-DNS

Implementing SSL Orchestrator - Explicit Proxy Service Configuration (Cisco WSA)

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS