Help with SFTP iRule

Question

Has anyone out ever written an iRule for SFTP.  I know it isnt supported on LTM natively today but I figured it can probably be accomplished with an iRule.  I am just having a little troubel figuring out where to start.&nbsp;
&nbsp;Any assistance would greatly be appreciated.&nbsp;&nbsp;&nbsp;

hooleylist · Answer

Couldn't you just define a VIP on port 22?  Is there something in particular you're trying to accomplish with a rule?&nbsp;
&nbsp;Aaron

ethan_west_1101 · Answer

I actually want to offload the encryption on the BIG-IP and pass unencrypted to the Tumbleweed Servers.

hooleylist · Answer

I've never heard of any iRule functionality for decrypting SSH (or SCP/SFTP) traffic.  There is an existing CR requesting this functionality for LTM: CR47551.  &nbsp;
&nbsp;You could contact your F5 salesperson and ask them to request this functionality be added to a future release.&nbsp;
&nbsp;Aaron

colin_walker_12 · Answer

I don't believe this is going to work the way you expect it to.&nbsp;
&nbsp;SFTP is not the same thing as FTPS.&nbsp;
&nbsp;In SFTP data is sent over an encrypted SSH tunnel.  It is not merely encrypted data, as in the FTPS protocol.&nbsp;
&nbsp;The behavior is very different, and I don't believe it's something you'll be able to unencrypt at the BIG-IP layer.&nbsp;
&nbsp;Colin

ethan_west_1101 · Answer

I agree,  &nbsp;
&nbsp;I didnt think it would be possible I wanted to see if someone had this working.  What about FTPS?  Has anyone ever written a rule for this?

Forum Discussion

Help with SFTP iRule

6 Replies

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

irule

Avoiding Common iRules Security Pitfalls

Simple Sideband - iRule sideband the easy way

GSLB Split DNS by iRule

Live Coding with iRules - Heatmaps!