SSH profile

Mark_Haine_9854 · ‎06-Jun-2014

I would like to distribute SSH connections to different servers based on the userID presented by the client. Unfortunately that attribute is only exchanged once the cryptography is up and running within the SSH protocol. I think this means that I would need SSH profiles that behave in a similar fashion to the SSL profiles and ideally some iRule commands that allow me to easily access various attributes of the SSH protocol once it has been de-crypted.

Is there such a thing that I am unaware of? Can anyone suggest an alternative approach?

Thanks,

Mark

nitass · ‎06-Jun-2014

i do not think it is possible as of now.

James_Deucker_2 · ‎11-Oct-2016

This is possible from 12.1 onwards with the ssh profile

https://support.f5.com/kb/en-us/products/big-ip-afm/manuals/product/network-firewall-policies-implem...

nitass_89166 · ‎06-Jun-2014

i do not think it is possible as of now.

James_Deucker_2 · ‎11-Oct-2016

This is possible from 12.1 onwards with the ssh profile

https://support.f5.com/kb/en-us/products/big-ip-afm/manuals/product/network-firewall-policies-implem...

Mike_Youngstrom · ‎15-Sep-2020

Hey James, I'm successfully proxying my ssh connections through the F5 with the SSH Proxy protocol. Any idea how I'd now be able to route my connection based on username? I don't see any obvious irule commands that might supply the connections username.

Sven_Leupold_85 · ‎06-Jun-2014

No way. SSH is not SSL/TLS. It provides end to end integrity and cannot be intercepted. Only L4 balancing with persistence will solve it for you.

DevCentral

SSH profile

F5 Receives Six Trust Radius
Best of 2023 Awards

F5 XC WAF

F5 BIG-IP

DevCentral

SSH profile

F5 Receives Six Trust Radius Best of 2023 Awards

F5 XC WAF

F5 BIG-IP

F5 Receives Six Trust Radius
Best of 2023 Awards