SSH Proxy problem

Question

Hi Friends
My environment is as follow:
Before:
telnet client ----》 aduit device ----》 telnet server

Change to:
ssh client  ---》  F5 BIGIP（ssh proxy）   ----&gt;&gt; aduit device ----&gt;&gt; telnet server

In order to secure the front need to use SSH to log in,But the backend needs to audit the telnet commands log.

So BIGIP need to change the flow from telnet to ssh.

How to realize this function. iRules or Other？

demeter_luo · Answer

i want to releaze the combination of SSL and telnet.Is there a successful solution?

scott_hopkins · Answer

Telnet and SSH are two drastically different application protocols...  SSH uses a non-SSL based encryption scheme to encrypt traffic between the client and the server;  telnet is basically a raw socket.
It would be possible to use something like stunnel on the client, then routing your telnet client through that, but that's still not as good as SSH. 
     Client Machine         |                 BigIP Device         | Audit Device      |     Server
----------------------------+--------------------------------------+-------------------+------------------
telnet client --&gt; stunnel --|--&gt; BigIP SSL/TLS virtual (offload) --|--&gt; audit device --|--&gt; telnet server

I'd personally recommend something like SSH, paired with auditd on the server side:
http://whmcr.com/2011/10/14/auditd-logging-all-commands/

roy_leon_142188 · Answer

Thanks

Forum Discussion

SSH Proxy problem

3 Replies

Recent Discussions

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Stable Firmware for F5

Related Content

Enable telnet on SSH

SSH proxy not working

Integrating SSL Orchestrator with McAfee Web Gateway-Transparent Proxy

Seeking Guidance on Enabling Telnet Access via SSH Proxy Using F5 BIG-IP LTM

Intelligent Proxy Steering - Office365