No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

FAQ-Why NE40 often Receives Log Alarm of SSH Since Its Script Is not Configured with SSH Commands

Publication Date:  2012-07-27 Views:  63 Downloads:  0
Issue Description
Q: 
Why does NE40 often receive the log alarm of SSH?
       
Alarm Information
      Current FSM is : SSH_Main_VersionMatch                                          
%Dec 22 18:13:49 2006 Quidway SSH/5/fsm_move:FSM MOVE FROM SSH_Main_VersionMatch
 TO SSH_Main_Disconnect                                                         
%Dec 22 18:13:50 2006 Quidway SSH/5/fsm_move:FSM MOVE FROM SSH_Main_Connect TO S
SH_Main_VersionMatch                                                            
%Dec 22 18:13:51 2006 Quidway SSH/5/ver_major_err:Protocol major versions differ
: 1 vs. 2                                                                       
%Dec 22 18:13:51 2006 Quidway SSH/5/err_dissconnect:The connection is closed by 
SSH Server   
       
Handling Process
A: 
This is because of SSH attack. NE40 only supports SSH1.5, and the SSH client that performs attack is SSH 2.0, so it will alarm that SSH does not match. Such alarms will not influence the services generally, but if there are a lot of attacks, it is likely to increase the CPU utilization. 
Two methods can help solve the problem: 
1. In the ACL against virus, deny the port 22 of both TCP and UDP, and apply the ACL; the alarm disappears.
2. Enter user-interface vty 0 4 mode and execute: protocol inbound telnet command; the alarm disappears. 
            
Root Cause
Null
      
Suggestions
Null

END