Forum Discussion
Aug 07, 2018
The solutions provided in the other post don't seem to work. I've tried to change the client identification string by using the iRule below, but it will prevent the client from connecting. The following error shows:
ssh_dispatch_run_fatal: Connection to 10.23.98.218: incorrect signature
It seems the client identification string is used during the key exchange, to prevent MITM attacks.
when CLIENT_ACCEPTED {
TCP::collect
}
when CLIENT_DATA {
set payload [TCP::payload]
if { [scan [TCP::payload] {%[^-]-%[^-]-%s} protocol protocolVersion softwareVersion ] == 3 } {
log local0. "DEBUG: protocol = $protocol"
log local0. "DEBUG: protocolVersion = $protocolVersion"
log local0. "DEBUG: softwareVersion = $softwareVersion"
set clientIP [IP::client_addr]
use format: SSH-2.0-softwareversion SP comments CR LF
set newPayload "$protocol-$protocolVersion-$softwareVersion $clientIP\r\n"
TCP::payload replace 0 [TCP::payload length] $newPayload
}
TCP::release
}
I think it's impossible to forward the originating client IP-address when using SNAT.