For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Demeter_Luo_168's avatar
Demeter_Luo_168
Icon for Nimbostratus rankNimbostratus
Nov 04, 2015

SSH Proxy problem

Hi Friends My environment is as follow: Before: telnet client ----》 aduit device ----》 telnet server Change to: ssh client ---》 F5 BIGIP(ssh proxy) ---->> aduit device ---->> telnet server ...
application delivery
deployment
design
LTM
management
Scott_Hopkins's avatar
Scott_Hopkins
Icon for Nimbostratus rankNimbostratus
Nov 04, 2015

Telnet and SSH are two drastically different application protocols... SSH uses a non-SSL based encryption scheme to encrypt traffic between the client and the server; telnet is basically a raw socket.

It would be possible to use something like stunnel on the client, then routing your telnet client through that, but that's still not as good as SSH. 

     Client Machine         |                 BigIP Device         | Audit Device      |     Server
----------------------------+--------------------------------------+-------------------+------------------
telnet client --> stunnel --|--> BigIP SSL/TLS virtual (offload) --|--> audit device --|--> telnet server

I'd personally recommend something like SSH, paired with auditd on the server side: http://whmcr.com/2011/10/14/auditd-logging-all-commands/