No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


Log Reference

CloudEngine 8800, 7800, 6800, and 5800 V200R005C00

This document provides the explanations, causes, and recommended actions of logs on the product.

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).



SSH/5/SSH_USER_LOGIN_FAIL: The SSH user failed to login. (ServiceType=[ServiceType], FailedReason=[FailedReason], UserName=[UserName], IPAddress=[IPAddress], VPNInstanceName=[VPNInstanceName].)


SSH user login failed.


Parameter Name Parameter Meaning


Service type.


Cause of the login failure.


User name.


IP address of the client.


Index of the VPN instance name.

Possible Causes

The possible causes are as follows:

Cause 1:

The SSH user does not exist.

Cause 2:

RSA, DSA, or ECC key does not exist.

Cause 3:

The user name or password is incorrect.

Cause 4:

Service is not enabled.

Cause 5:

A deny rule is set for the IP address in ACL.

Cause 6:

Maximum sessions are reached.

Cause 7:

Permissions are not there for user default directory.

Cause 8:

The SSH server does not support SSHv1.


  1. Run the display ssh user-information command to view the configuration of all the SSH users.

    • If the SSH user is not configured, run the ssh user command to create an SSH user.
    • If the SSH user is configured, go to other steps.

  2. Run the display rsa local-key-pair public, display dsa local-key-pair public, display ecc local-key-pair public command to view the public key in the local key pair.

    • If the RSA, DSA, or ECC key is not configured, run the rsa local-key-pair create, display dsa local-key-pair public, ecc local-key-pair create command to generate the local host key pair and the server key pair.
    • If the RSA, DSA, or ECC key is configured, go to other steps.

  3. Ensure that the user name and password is correct.
  4. Ensure that the services are enabled.
  5. Run the display acl command to review ACL rules.

    • If the user IP address matches a rule with the behavior of deny, run the acl command to enter the ACL view and run the rule command to change the behavior from deny to permit.
    • If the user IP address does not match a rule with the behavior of deny, go to other steps.

  6. Ensure that the maximum sessions are not reached.
  7. Enable SSH users to access the default directory on the SSH server.
  8. Check the supported SSH versions using the display ssh server statuscommand, and use a correct SSH version to log in to the system. SSHv1 is insecure and therefore not recommended.
  9. Collect information about configurations, and log messages, and then contact technical support personnel.
Updated: 2019-04-20

Document ID: EDOC1100039602

Views: 178626

Downloads: 112

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Previous Next