Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 

SSH profile

Mark_Haine_9854
Nimbostratus
Nimbostratus

I would like to distribute SSH connections to different servers based on the userID presented by the client. Unfortunately that attribute is only exchanged once the cryptography is up and running within the SSH protocol. I think this means that I would need SSH profiles that behave in a similar fashion to the SSL profiles and ideally some iRule commands that allow me to easily access various attributes of the SSH protocol once it has been de-crypted.

 

Is there such a thing that I am unaware of? Can anyone suggest an alternative approach?

 

Thanks,

 

Mark

 

6 REPLIES 6

nitass
F5 Employee
F5 Employee

i do not think it is possible as of now.

 

nitass_89166
Noctilucent
Noctilucent

i do not think it is possible as of now.

 

Hey James, I'm successfully proxying my ssh connections through the F5 with the SSH Proxy protocol. Any idea how I'd now be able to route my connection based on username? I don't see any obvious irule commands that might supply the connections username.

No way. SSH is not SSL/TLS. It provides end to end integrity and cannot be intercepted. Only L4 balancing with persistence will solve it for you.