FW Eudemon8080: an overlong hostname causes the FW and SIG to fail to cooperate in dispensing the network traffic clean-up strategy

Publication Date: 2012-10-29
Issue Description
The Eudemon8080 firewall and the SIG fail to cooperate in dispensing the network traffic clean-up strategy, and an SSH communication failure is reported.
Firewall version: V3R1C06B051 (this problem is not related to the firewall version)
SIG version: V1.2.3.5 C (this problem is not related to the SIG version)

Alarm Information
1. SIG background server information:
Received disconnect from x.x.x.x: 2: The connection is closed by SSH Server
2. Eudemon8080 information:
0.277524030 xx-yy-zzz-Eudemon8080-1.IDC %%01SSH/8/GRP_GETKEY(d): Getting local rsa key failed,use command"rsa local-key-pair create" to create it
3. Creating the RSA key on the Eudemon8080 fails with this error:
[xx-yy-zzz-Eudemon8080-1.IDC]rsa local-key-pair create
% Fail to create RSA host keys.
% Error occurred when get key name, please check the hostname.

Handling Process
Shorten the firewall name "xx-yy-zz-Eudemon8080-1.IDC". After the name was changed to "E8000-1", the service returned to normal in this case.
Root Cause
The SIG background reports an SSH connection failure, and the Eudemon8080 reports an RSA key error.
The SSH protocol limits the key pair name to a maximum length of 32 bytes. When the FW generates the RSA key pairs, it uses "hostname" + "_host" and "hostname" + "_server" as the key pair names, respectively.
According to the above analysis, the longer suffix, "_server", takes 7 of the 32 bytes, so to guarantee that the RSA key pairs are created successfully, the firewall name should not be more than 25 characters.

Suggestions
The SSH protocol limits the key pair name to a maximum length of 32 bytes. When the FW generates the RSA key pairs, it uses "hostname" + "_host" and "hostname" + "_server" as the key pair names, respectively. To guarantee that the RSA key pairs are created successfully, the firewall name should not be more than 25 characters.
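
The naming rule above can be used to triage GRP_GETKEY log lines from several firewalls and separate devices whose hostname is too long from devices that simply have no key pair yet. This is an added example, not Huawei code; the function names, the UTF-8 byte-counting assumption and the second and third sample lines are constructed for illustration.

```python
import re

KEY_NAME_MAX = 32                 # key pair name limit in bytes, as stated on this page
SUFFIXES = ("_host", "_server")   # suffixes the firewall appends to the hostname

# Shape of the GRP_GETKEY line shown in the alarm information:
# "<timestamp> <hostname> %%01SSH/8/GRP_GETKEY(d): ..."
GETKEY_RE = re.compile(r"^\S+\s+(?P<host>\S+)\s+%%\d+SSH/\d+/GRP_GETKEY\b")


def max_hostname_bytes():
    """Longest hostname for which every derived key pair name still fits."""
    return KEY_NAME_MAX - max(len(s) for s in SUFFIXES)


def oversize_key_names(hostname):
    """Map each derived key pair name that exceeds the limit to its byte length.
    Assumption: the device counts the bytes of the UTF-8 encoded name."""
    sizes = {hostname + s: len((hostname + s).encode("utf-8")) for s in SUFFIXES}
    return {name: size for name, size in sizes.items() if size > KEY_NAME_MAX}


def triage(log_lines):
    """For each device that logged GRP_GETKEY, say whether hostname length explains it."""
    verdicts = {}
    for line in log_lines:
        m = GETKEY_RE.match(line)
        if not m:
            continue  # not an SSH key retrieval failure
        host = m.group("host")
        verdicts[host] = ("hostname too long" if oversize_key_names(host)
                          else "hostname fits, key pair not created")
    return verdicts


# Line 1 is the log line from this page; lines 2 and 3 are constructed samples.
SAMPLE_LOG = [
    "0.277524030 xx-yy-zzz-Eudemon8080-1.IDC %%01SSH/8/GRP_GETKEY(d): Getting local rsa key failed",
    "0.301000000 E8000-1 %%01SSH/8/GRP_GETKEY(d): Getting local rsa key failed",
    "0.302000000 E8000-2 %%01EXAMPLE/5/OTHER(l): unrelated constructed line",
]

if __name__ == "__main__":
    print("max hostname bytes:", max_hostname_bytes())
    for host, verdict in triage(SAMPLE_LOG).items():
        print(host, "->", verdict, oversize_key_names(host))
```

For the 27-character hostname in this case, the "_host" name is exactly 32 bytes and still fits; only the "_server" name (34 bytes) exceeds the limit.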
