No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


Troubleshooting Guide

CloudEngine 16800, 12800, 12800E, 8800, 7800, 6800, and 5800 Series Switches

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Troubleshooting Procedure

Troubleshooting Procedure

Perform the following operations after logging in to the device through the console port.
  1. Check whether the network connection is normal.

    Before a user logs in to the SSH server using SSH, reachable routes must exist between the user client and SSH server. Ping the IP address of the SSH server from the client to check whether the network connection between the client and server is normal. Make sure that the fault is not caused by an SSH connection setup failure.

  2. Check whether a local key pair is generated on the SSH server.

    To ensure successful login to the SSH server, configure and generate a local key pair first. The login failure may be caused by an incorrect key pair. The methods of checking whether a key pair is generated on the SSH server are as follows:
    • View RSA public key information.

      <HUAWEI> display rsa local-key-pair public
      Info: Local key pair is not generated.  
    • View DSA public key information.

      <HUAWEI> display dsa local-key-pair public
      Info: The DSA host keys are not found.   
    • View ECC public key information.

      <HUAWEI> display ecc local-key-pair public
      Info: Local key pair is not generated.  

    The preceding command outputs show that no public key is configured on the server. Run the rsa local-key-pair create, dsa local-key-pair create, or ecc local-key-pair command in the system view to generate an RSA, a DSA, or an ECC key pair.

  3. Check whether first-time authentication is enabled on the SSH client.

    If the SSH client connects to the SSH server for the first time and the SSH server's public key is not configured on the SSH client, enable first-time authentication on the SSH client to access the SSH server and save the public key on the SSH client. The SSH client uses the saved public key to authenticate the SSH server the next time it connects to the server. By default, first-time authentication is disabled on the SSH client.
    • The check method is as follows:

      <HUAWEI> display current-configuration | include ssh
      ssh client first-time enable   

      If ssh client first-time enable is displayed in the command output, first-time authentication is enabled on the SSH client. Otherwise, first-time authentication is disabled.

    • The configuration method is as follows:

      <HUAWEI> system-view
      [~HUAWEI] ssh client first-time enable
      [*HUAWEI] commit
  4. Check whether the SSH versions of the SSH client and server match.

    There are two incompatible SSH versions: 1.x and 2.0. If the SSH version of the client is 2.0 and that of the server is 1.x, the client fails to log in to the server. Change the SSH version of the server to 2.0 to rectify the login failure fault caused by incompatible SSH versions.

    Compared with SSH 1.x, SSH 2.0 is expanded in structure to support more authentication modes and key exchange modes, and has higher security (avoiding security risks of SSH 1.X). Therefore, SSH 2.0 is recommended.

Updated: 2020-01-07

Document ID: EDOC1000060766

Views: 603884

Downloads: 2938

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Previous Next