No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

AR Router Troubleshooting Guide

This Product Documentation provides guidance for maintaining AR Enterprise Router, covering common information collection and fault diagnostic commands, typical fault troubleshooting guide, and troubleshooting.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
A Device Fails to Be Logged In Using STelnet

A Device Fails to Be Logged In Using STelnet

Fault Description

The SSH server fails to be logged in using STelnet.

Possible Causes

  • SSH service is disabled on the SSH server.
  • The allowed protocol in the VTY user interface view is incorrectly configured.
  • No RSA public key is configured on the SSH server.
  • No SSH user is configured on the SSH server.
  • The number of users who log in to the SSH server reaches the upper limit.
  • An ACL is bound to the VTY user interface of the SSH server.
  • The SSH version of the SSH client is incompatible with that of the SSH server.
  • First-time authentication is disabled on the SSH client.

Troubleshooting Procedure

  1. Check whether the SSH service is enabled on the SSH server.

    Log in to the SSH server through the console port or using Telnet and run the display ssh server status command to check the SSH server configuration.

    If the STelnet service is disabled, run the stelnet server enable command to enable the STelnet service on the SSH server.

  2. Check whether the access protocol is correctly configured in the VTY user interface view.

    Run the user-interface vty command on the SSH server to enter the user interface view and then run the display this command to check whether protocol inbound is set to ssh or all. If not, run the protocol inbound { ssh | all } command to allow STelnet users to log in to the device.

  3. Check whether an RSA public key is configured on the SSH server.

    A local key pair must be configured when the device works as the SSH server.

    Run the display rsa local-key-pair public command on the SSH server to check the current key pair. If no information is displayed, no key pair is configured on the server. Run the rsa local-key-pair create command to create a key pair.

    To ensure high security, it is recommended that the RSA authentication mode be not used.

  4. Check whether an SSH user is configured on the SSH server.

    Run the display ssh user-information command to view the SSH user configuration. If no configuration is available, run the ssh user authentication-type commands in the system view to create an SSH user and set an authentication mode for the SSH user.

  5. Check whether the number of login users on the SSH server reaches the upper limit.

    Log in to the device through the console port and run the display users command to check whether all VTY user interfaces are in use. By default, the maximum number of VTY user interfaces is 5. You can run the display user-interface maximum-vty command to check the maximum number of login users allowed by the device.

    If the number of login users reaches the upper limit, run the user-interface maximum-vty 15 command to increase the maximum number of login users to 15.

  6. Check whether an ACL is bound to the VTY user interface of the SSH server.

    Run the user-interface vty command on the SSH server to enter the user interface view and then run the display this command to check whether an ACL is configured on the VTY user interface. If so, record the ACL number.

    Run the display acl acl-number command on the SSH server to check whether the IP address of the STelnet client is denied in the ACL. If so, run the undo rule rule-id command in the ACL view to delete the deny rule and then run the corresponding command to modify the ACL and permit the IP address of the client.

  7. Check the SSH version on the SSH client and server.

    Run the display ssh server status command on the SSH server to check the SSH version.

    If the SSHv1 client logs in, run the ssh server compatible-ssh1x enable command to enable the version compatibility function on the server.

  8. Check whether first-time authentication is enabled on the SSH client.

    Run the display this command in the system view on the SSH client to check whether first-time authentication is enabled on the SSH client.

    If not, the initial login of the SSH client fails because validity check on the public key of the SSH server fails. Run the ssh client first-time enable command to enable first-time authentication on the SSH client.

  9. If the fault persists, collect error information and contact technical support personnel.

Translation
Download
Updated: 2019-05-10

Document ID: EDOC1000079719

Views: 444661

Downloads: 4299

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next