Is it possible to capture the login id out of a SSH session with an iRule?

Question

We have an iRule that looks for logins other than annoymous and rejects the seesion for our ftp site. We would like to have the same protection for our SFTP site. Can this be done with TCP::Collect?

hooleylist · Answer

I don't think it's possible to decrypt SSH/SFTP on BIG-IP.  The username should be encrypted so I don't think you can parse it from the logon attempt.&nbsp;
https://devcentral.f5.com/articles/ftps-offload-via-irules&nbsp;
Aaron&nbsp;

Forum Discussion

Is it possible to capture the login id out of a SSH session with an iRule?

1 Reply

Recent Discussions

CONNECTION IS LOST DUE TO SELF IP IS DELIVERED

ASM instance creation

Can iRule mask the payload content on event logs of security

Disacard SSL::cert mode to ignore when default SSLClient profile is set to request or require

F5Access | MacOS Sonoma

Related Content

DevCentral Connects hosts Capture the Flag!

Automating Packet Captures on BIG-IP

Capture part of URI and do not redirect.

Tcpdump Capture

User roles per partition: are multiple possible?