New Contributor
Posts: 3
Registered: ‎08-19-2010

SSH with public key + passphrase produces SEC-1193 log entries

Guys,

I'm connecting to the following switch (as per the version command):

DES_FabricA:admin> version
Kernel:     2.6.14.2
Fabric OS:  v6.1.1d
Made on:    Wed Jan 21 04:37:29 2009
Flash:      Tue May 19 18:26:49 2009
BootProm:   1.0.12
DES_FabricA:admin>

I'm using ssh (HP-UX) with a public key and a passphrase.  While the connection certainly succeeds and all goes well I nonetheless see the entries in the errorlog (errlog -r) corresponding to the connection itself:

DES_FabricA:admin> errshow -r
Fabric OS: v6.1.1d

2010/08/20-07:41:01, , 16498,, INFO, DES_FabricA, Login information: Login successful via TELNET/SSH/RSH. IP Addr: 10.2.84.22

Type <CR> to continue, Q<CR> to stop:

2010/08/20-07:41:00, , 16497,, INFO, DES_FabricA, Security violation: Login failure attempt via TELNET/SSH/RSH. IP Addr: 10.2.84.22

Type <CR> to continue, Q<CR> to stop:

2010/08/20-07:41:00, , 16496,, INFO, DES_FabricA, Security violation: Login failure attempt via TELNET/SSH/RSH. IP Addr: 10.2.84.22

Type <CR> to continue, Q<CR> to stop:

Occasionally this even produces the following:

2010/08/19-15:04:45, , 16492,, WARNING, DES_FabricA, Sec Login Violation, is above high boundary(High=2, Low=1). Current value is 3 Violation(s)/minute.

Using ssh with password produces, as expected, just the single SEC-1203 entry.

Has anyone else seen this behaviour?  My expectation is that a successful connection should not produce these false negatives.

Thanks.

Contributor
Posts: 53
Registered: ‎06-24-2009

Re: SSH with public key + passphrase produces SEC-1193 log entries

Hi,

We have set up ssh on all our switches running FOS 6.3.0b with public keys and no passphrase. We always have seen two SEC-1193 Login failure messages before each SEC-1203 Login successful message. We see these in DCFM too.

I agree it's a pain but I have found way around it.

Alastair

New Contributor
Posts: 3
Registered: ‎08-19-2010

Re: SSH with public key + passphrase produces SEC-1193 log entries

Alastair,

<< I agree it's a pain but I have found way around it. >>

It seems you meant "I have found no way around it", but thanks anyway.  It's the sort of thing that utilities like log scanners tend to (correctly and properly) pick up on but in cases like this, for naught.

I'll be taking it up with our Brocade contact.

Super Contributor
Posts: 425
Registered: ‎03-03-2010

Re: SSH with public key + passphrase produces SEC-1193 log entries

Always, the best way is to contact the vendor for suggestions and issue related events. If the equipment is not under AMC then we have to take pain and do it ourselves. I think you will be able to solve the problem now after contacting vendor. All the best, request you to put here also for knowledge sharing, when your issue will be resolved. Looking forward to your answer.

New Contributor
Posts: 3
Registered: ‎08-19-2010

Re: SSH with public key + passphrase produces SEC-1193 log entries

Well His Majesty hasn't even acknowledged yet (that was why I fingered this forum first).

I'll post anything I get.
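
Added example, not part of any post in this thread and not Brocade code: a log-scanner triage pass over errshow output that separates the pattern reported above (up to two login failures immediately followed by a successful login from the same IP) from failures that have no such explanation. The 5-second window, the limit of two failures, the function names and the 10.2.84.99 sample line are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the errshow format quoted in the thread; the last
# entry (10.2.84.99) is invented here to show a failure with no login after it.
SAMPLE = """\
2010/08/20-07:41:00, , 16496,, INFO, DES_FabricA, Security violation: Login failure attempt via TELNET/SSH/RSH. IP Addr: 10.2.84.22
2010/08/20-07:41:00, , 16497,, INFO, DES_FabricA, Security violation: Login failure attempt via TELNET/SSH/RSH. IP Addr: 10.2.84.22
2010/08/20-07:41:01, , 16498,, INFO, DES_FabricA, Login information: Login successful via TELNET/SSH/RSH. IP Addr: 10.2.84.22
2010/08/20-07:45:10, , 16499,, INFO, DES_FabricA, Security violation: Login failure attempt via TELNET/SSH/RSH. IP Addr: 10.2.84.99
"""

LINE = re.compile(
    r"^(?P<ts>\d{4}/\d\d/\d\d-\d\d:\d\d:\d\d),[^,]*,\s*(?P<seq>\d+),.*?"
    r"Login (?P<kind>failure attempt|successful) via .*?IP Addr: (?P<ip>[\d.]+)")

def parse(text):
    """Return (seq, time, ip, is_failure) for login entries, oldest first."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y/%m/%d-%H:%M:%S")
            events.append((int(m["seq"]), ts, m["ip"], m["kind"] != "successful"))
    return sorted(events)

def triage(text, window=timedelta(seconds=5), max_preamble=2):
    """Split failures into those matching the thread's pattern and the rest.

    A failure counts as 'preamble' only if a success from the same IP follows
    within `window` and no more than `max_preamble` failures precede it.
    Both thresholds are assumptions, not Fabric OS values.
    """
    preamble, unexplained, pending = [], [], {}
    for seq, ts, ip, is_failure in parse(text):
        recent = [(s, t) for s, t in pending.get(ip, []) if ts - t <= window]
        stale = [(s, t) for s, t in pending.get(ip, []) if ts - t > window]
        unexplained += [s for s, _ in stale]
        if is_failure:
            pending[ip] = recent + [(seq, ts)]
        else:
            target = preamble if len(recent) <= max_preamble else unexplained
            target += [s for s, _ in recent]
            pending[ip] = []
    unexplained += [s for evs in pending.values() for s, _ in evs]
    return sorted(preamble), sorted(unexplained)
```

`triage(SAMPLE)` returns the sequence numbers of the two paired failures separately from the unpaired one, so a scanner can keep alerting on the second list; a run of more than two failures before a success stays in that list as well.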
