SSH Proxy problem

Question

Hi Friends
My environment is as follow:
Before:
telnet client ----》 aduit device ----》 telnet server

Change to:
ssh client  ---》  F5 BIGIP（ssh proxy）   ----&gt;&gt; aduit device ----&gt;&gt; telnet server

In order to secure the front need to use SSH to log in,But the backend needs to audit the telnet commands log.

So BIGIP need to change the flow from telnet to ssh.

How to realize this function. iRules or Other？

demeter_luo · Answer

i want to releaze the combination of SSL and telnet.Is there a successful solution?

scott_hopkins · Answer

Telnet and SSH are two drastically different application protocols...  SSH uses a non-SSL based encryption scheme to encrypt traffic between the client and the server;  telnet is basically a raw socket.
It would be possible to use something like stunnel on the client, then routing your telnet client through that, but that's still not as good as SSH. 
     Client Machine         |                 BigIP Device         | Audit Device      |     Server
----------------------------+--------------------------------------+-------------------+------------------
telnet client --&gt; stunnel --|--&gt; BigIP SSL/TLS virtual (offload) --|--&gt; audit device --|--&gt; telnet server

I'd personally recommend something like SSH, paired with auditd on the server side:
http://whmcr.com/2011/10/14/auditd-logging-all-commands/

roy_leon_142188 · Answer

Thanks

Forum Discussion

SSH Proxy problem

3 Replies

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

F5 Networks F5CAB1 Exam - Need Help Regarding Prep

Username is not filled in EdgeClient in the Modern customization

The GSLB pool is providing an incorrect IP to end users

iRule causing requests to be duplicated (sometimes)

Cisco TACACS+ Config on ISE LTM Pair

Related Content

SSH Brute Force Protection with SSH Proxy

SSH forward proxy

SSH proxy not working

Proxy Protocol v2 Initiator

Proxy Protocol Initiator

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS