How to see the real IP addresses of the SSH client of SSH servers working for AWS ELB

Question

How to see the real IP addresses of the SSH client of SSH servers working for AWS ELB

We are launching two gitlab instances for AWS classic ELB. To enable git SSH sends and downloads SSH requests using git, we have added a TCP SSH port listener to AWS ELB. In SSH logs, we see that ips ELBs are not the actual IP addresses of git users. I tried to enable the proxy protocol for the SSH listener in ELB, but it destroys the SSH server. Is there a way to see a real ips client?

Nov 16 08:38:41 gitlab-1-1b sshd[14760]: Bad protocol version identification 'PROXY TCP4 x.y.z.a 0.0.0.0 61533 22' from x.y.z.a port 9407
Nov 16 08:39:08 gitlab-1-1b sshd[14825]: Bad protocol version identification 'PROXY TCP4 x.y.z.a 0.0.0.0 61554 22' from x.y.z.a port 9417

+4

gitlab ssh amazon-web-services amazon-elb

Nischay Nov 17 '16 at 10:09

source share

1 answer

VonC · Accepted Answer · 2016-11-22T05:27:48+0000

, ELB ( , ):

- (.. IP- )

, , , ELB ( ), X-Forwarded-For, " ", ssh .

ssh.

GitLab https IP- X-Forwarded-For - SSL, GitLab .
, GitLab (8.10 )

proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-Port 443;

How to see the real IP addresses of the SSH client of SSH servers working for AWS ELB

More articles: