Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Demeter_Luo_168's avatar
Demeter_Luo_168
Icon for Nimbostratus rankNimbostratus
Nov 04, 2015

SSH Proxy problem

Hi Friends

My environment is as follow:

Before:
telnet client ----》 aduit device ----》 telnet server

Change to:
ssh client  ---》  F5 BIGIP(ssh proxy)   ---->> aduit device ---->> telnet server

In order to secure the front need to use SSH to log in,But the backend needs to audit the telnet commands log.

So BIGIP need to change the flow from telnet to ssh.

How to realize this function. iRules or Other?
application delivery
deployment
design
LTM
management

3 Replies

  • Demeter_Luo's avatar
    Demeter_Luo
    Icon for Nimbostratus rankNimbostratus
    Nov 04, 2015
    i want to releaze the combination of SSL and telnet.Is there a successful solution?
  • Scott_Hopkins's avatar
    Scott_Hopkins
    Icon for Nimbostratus rankNimbostratus
    Nov 04, 2015

    Telnet and SSH are two drastically different application protocols... SSH uses a non-SSL based encryption scheme to encrypt traffic between the client and the server; telnet is basically a raw socket.

    It would be possible to use something like stunnel on the client, then routing your telnet client through that, but that's still not as good as SSH. 

         Client Machine         |                 BigIP Device         | Audit Device      |     Server
----------------------------+--------------------------------------+-------------------+------------------
telnet client --> stunnel --|--> BigIP SSL/TLS virtual (offload) --|--> audit device --|--> telnet server

    I'd personally recommend something like SSH, paired with auditd on the server side: http://whmcr.com/2011/10/14/auditd-logging-all-commands/