SSHD to retrieve forwarded client IP

Tags: ip-forwarding, load balancing, ssh

This is my use case:

I have a bunch of hosts behind load-balancers and clients SSH through the load-balancer. The LB internally creates a new connection, so the connection with the end-host has the LB's IP address. In order to know who started the request, the load-balancer is set up to forward the client IP address in a header. I'm not entirely familiar with how the forwarding works, but based on my understanding a magic number is added to the header, followed by the length of the field and then the field itself containing the client IP.

Is there a way to tell sshd to retrieve the forwarded client IP? I'm sorry if the details are a little confusing; I'm not familiar with the networking part, but my team has this use case and would like to know how to have sshd retrieve the CIP (client IP) from the TCP packet.

Best Answer

If the load balancer were operating in DSR mode, the sshd process would see only the client IP and never the IP of the load balancer. I assume there is something in your networking setup preventing the use of DSR, so you have to use other methods.

There are different protocol layers at which the client IP could be inserted in a header.

  • IP layer: not a good idea as this is totally different between IPv4 and IPv6.
  • TCP layer: could work, but I see no such option on the official list of TCP options.
  • HTTP layer: X-Forwarded-For is widely used for this, but being HTTP specific, you cannot use that with ssh.

Using tools such as tcpdump or wireshark, you can inspect traffic to find out which header is used to communicate the client IP. A suitable tcpdump command to run on the server could look like this:

    tcpdump -pni eth0 -s0 -Uw /tmp/ssh-traffic.pcap 'port 22'

The output file can then be analyzed using either tcpdump or wireshark.
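As an added example (not part of the answer above), the following Python script does the analysis step programmatically: it walks a classic pcap file like the one the tcpdump command writes, picks out the first client-to-server payload of every connection to port 22, and tries to decode a prefix of the shape the question describes (magic number, length, field with the client IP). The magic value, the 2-byte big-endian length and the 4-raw-byte IPv4 field are assumptions made for the example, not the load balancer's real format; the real values have to be read off the capture. The pcap bytes are constructed inline so the script runs offline.

```python
"""Extract the first client->server bytes of each SSH connection from a
classic pcap capture and try to decode a prepended client-IP header.
The parser is deliberately minimal: Ethernet/IPv4/TCP only, no VLAN tags,
no IPv6, no IP fragments, no pcapng.
"""
import socket
import struct

PCAP_MAGIC_LE = 0xA1B2C3D4  # classic pcap, little-endian host
LINKTYPE_ETHERNET = 1

# Hypothetical header layout: fixed magic, 2-byte big-endian field length,
# then the field (assumed here to be 4 raw IPv4 bytes). These are example
# assumptions, not the real load balancer's encoding.
HYPOTHETICAL_MAGIC = b"\xC1\x1E\x47\x1D"


def parse_pcap(data: bytes):
    """Yield (src_ip, src_port, dst_ip, dst_port, tcp_payload) per TCP packet."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic == PCAP_MAGIC_LE:
        end = "<"
    elif magic == 0xD4C3B2A1:  # same magic written by a big-endian host
        end = ">"
    else:
        raise ValueError("not a classic pcap file")
    linktype, = struct.unpack_from(end + "I", data, 20)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled here")
    off = 24  # global header is 24 bytes
    while off + 16 <= len(data):
        _ts_sec, _ts_usec, caplen, _origlen = struct.unpack_from(end + "IIII", data, off)
        off += 16
        frame = data[off:off + caplen]
        off += caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":  # EtherType != IPv4
            continue
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 6:  # protocol != TCP
            continue
        total_len, = struct.unpack_from(">H", ip, 2)
        tcp = ip[ihl:total_len]
        sport, dport = struct.unpack_from(">HH", tcp, 0)
        doff = (tcp[12] >> 4) * 4
        yield (socket.inet_ntoa(ip[12:16]), sport,
               socket.inet_ntoa(ip[16:20]), dport, tcp[doff:])


def first_payloads(pcap_bytes: bytes, server_port: int = 22):
    """Map each client->server 4-tuple to its first non-empty TCP payload."""
    first = {}
    for src, sport, dst, dport, payload in parse_pcap(pcap_bytes):
        if dport != server_port or not payload:
            continue
        first.setdefault((src, sport, dst, dport), payload)
    return first


def decode_forwarded_ip(payload: bytes):
    """Return (client_ip, remaining_bytes), or (None, payload) if no header."""
    if not payload.startswith(HYPOTHETICAL_MAGIC):
        return None, payload
    length, = struct.unpack_from(">H", payload, len(HYPOTHETICAL_MAGIC))
    start = len(HYPOTHETICAL_MAGIC) + 2
    field = payload[start:start + length]
    if length != 4 or len(field) != 4:  # only the assumed IPv4 field is handled
        return None, payload
    return socket.inet_ntoa(field), payload[start + length:]


def _tcp_frame(src, sport, dst, dport, payload):
    """Build a constructed Ethernet/IPv4/TCP frame (dummy MACs, zero checksums)."""
    tcp = struct.pack(">HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst)) + tcp
    return b"\x00" * 12 + b"\x08\x00" + ip


def build_pcap(frames):
    """Wrap constructed frames in a classic little-endian pcap file."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(f), len(f)) + f
    return out


SSH_BANNER = b"SSH-2.0-OpenSSH_9.6\r\n"
# Constructed sample: two connections from the load balancer (10.0.0.5) to the
# server (10.0.0.20), each starting with the hypothetical header.
SAMPLE_PCAP = build_pcap([
    _tcp_frame("10.0.0.5", 40001, "10.0.0.20", 22,
               HYPOTHETICAL_MAGIC + b"\x00\x04" + socket.inet_aton("203.0.113.7") + SSH_BANNER),
    _tcp_frame("10.0.0.20", 22, "10.0.0.5", 40001, SSH_BANNER),  # server side, ignored
    _tcp_frame("10.0.0.5", 40002, "10.0.0.20", 22, b""),          # bare ACK, no payload
    _tcp_frame("10.0.0.5", 40002, "10.0.0.20", 22,
               HYPOTHETICAL_MAGIC + b"\x00\x04" + socket.inet_aton("198.51.100.9") + SSH_BANNER),
])


def forwarded_clients(pcap_bytes: bytes = SAMPLE_PCAP):
    """Return {(lb_ip, lb_port): client_ip_or_None} for each connection to sshd."""
    result = {}
    for (src, sport, _dst, _dport), payload in first_payloads(pcap_bytes).items():
        client_ip, _rest = decode_forwarded_ip(payload)
        result[(src, sport)] = client_ip
    return result


if __name__ == "__main__":
    for (lb_ip, lb_port), payload in first_payloads(SAMPLE_PCAP).items():
        print(lb_ip, lb_port, payload[:16].hex(), "->", decode_forwarded_ip(payload)[0])
```

Run it against a real capture with `first_payloads(open("/tmp/ssh-traffic.pcap", "rb").read())`: the hex prefix printed for each connection is what identifies the magic and length encoding actually in use, after which `HYPOTHETICAL_MAGIC` and `decode_forwarded_ip` can be adjusted. Whatever that header turns out to be, sshd will not consume it by itself; something in front of sshd has to strip it, which is the follow-up question this analysis feeds into.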