Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document.
Note: Even the most advanced machine translation cannot match the quality of professional translators.
Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
SSH/5/SSH_USER_LOGIN_FAIL
Message
SSH/5/SSH_USER_LOGIN_FAIL: The SSH user failed to login. (ServiceType=[ServiceType], FailedReason=[FailedReason], UserName=[UserName], IPAddress=[IPAddress], VPNInstanceName=[VPNInstanceName].)
Parameters
| Parameter Name | Parameter Meaning |
|---|---|
ServiceType |
Service type. |
FailedReason |
Cause of the login failure. |
UserName |
User name. |
IPAddress |
IP address of the client. |
VPNInstanceName |
Index of the VPN instance name. |
Possible Causes
The possible causes are as follows:
Cause 1:
The SSH user does not exist.
Cause 2:
RSA, DSA, or ECC key does not exist.
Cause 3:
The user name or password is incorrect.
Cause 4:
Service is not enabled.
Cause 5:
A deny rule is set for the IP address in ACL.
Cause 6:
Maximum sessions are reached.
Cause 7:
Permissions are not there for user default directory.
Cause 8:
The SSH server does not support SSHv1.
Procedure
- Run the display ssh user-information command to view the configuration of all the SSH users.
- If the SSH user is not configured, run the ssh user command to create an SSH user.
- If the SSH user is configured, go to other steps.
- Run the display rsa
local-key-pair public, display dsa
local-key-pair public, display ecc
local-key-pair public command to view the public
key in the local key pair.
- If the RSA, DSA, or ECC key is not configured, run the rsa local-key-pair create, display dsa local-key-pair public, ecc local-key-pair create command to generate the local host key pair and the server key pair.
- If the RSA, DSA, or ECC key is configured, go to other steps.
- Ensure that the user name and password is correct.
- Ensure that the services are enabled.
- Run the display acl command to review ACL rules.
- If the user IP address matches a rule with the behavior of deny, run the acl command to enter the ACL view and run the rule command to change the behavior from deny to permit.
- If the user IP address does not match a rule with the behavior of deny, go to other steps.
- Ensure that the maximum sessions are not reached.
- Enable SSH users to access the default directory on the SSH server.
- Check the supported SSH versions using the display ssh server statuscommand, and use a correct SSH version to log in to the system. SSHv1 is insecure and therefore not recommended.
- Collect information about configurations, and log messages, and then contact technical support personnel.
