Why does the NE40 often log SSH alarms?
Current FSM is : SSH_Main_VersionMatch
%Dec 22 18:13:49 2006 Quidway SSH/5/fsm_move:FSM MOVE FROM SSH_Main_VersionMatch
%Dec 22 18:13:50 2006 Quidway SSH/5/fsm_move:FSM MOVE FROM SSH_Main_Connect TO S
%Dec 22 18:13:51 2006 Quidway SSH/5/ver_major_err:Protocol major versions differ
: 1 vs. 2
%Dec 22 18:13:51 2006 Quidway SSH/5/err_dissconnect:The connection is closed by
These alarms are caused by SSH attack traffic. The NE40 supports only SSH1.5, while the attacking SSH client uses SSH 2.0, so the router logs an SSH version mismatch. Such alarms generally do not affect services, but a large number of attacks is likely to increase CPU utilization.
Two methods can help solve the problem:
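1. In the anti-virus ACL, deny port 22 for both TCP and UDP, then apply the ACL; the alarm disappears.
2. Enter the user-interface vty 0 4 view and run the protocol inbound telnet command; the alarm disappears. This restricts those VTY lines to Telnet, which is unencrypted, so SSH logins are no longer accepted on them.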
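To judge whether the mismatch alarms are frequent enough to matter for CPU utilization, the log can be counted per minute. The following is an added example, not part of the original page or Huawei's tooling: the function names and the threshold of 3 are assumptions, and the sample lines are constructed in the same format as the log above.

```python
import re
from collections import Counter
from datetime import datetime

# Header layout taken from the log lines on this page:
# %<Mon> <day> <HH:MM:SS> <year> <host> <module>/<severity>/<mnemonic>:<text>
LINE_RE = re.compile(
    r"^%(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) "
    r"(?P<host>\S+) (?P<module>\w+)/(?P<sev>\d)/(?P<mnemonic>\w+):(?P<text>.*)$"
)

def parse(line):
    """Return a dict for a log header line, or None for wrapped/other lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # Collapse padding in the date ("Dec  2") before parsing it.
    rec["ts"] = datetime.strptime(" ".join(rec["ts"].split()), "%b %d %H:%M:%S %Y")
    return rec

def mismatch_bursts(lines, threshold=3):
    """Count SSH ver_major_err events per minute; keep minutes >= threshold."""
    per_minute = Counter()
    for line in lines:
        rec = parse(line)
        if rec and rec["module"] == "SSH" and rec["mnemonic"] == "ver_major_err":
            per_minute[rec["ts"].replace(second=0)] += 1
    return {minute: n for minute, n in sorted(per_minute.items()) if n >= threshold}

# Constructed sample: same format as the page's log, timestamps invented.
SAMPLE = """\
%Dec 22 18:13:51 2006 Quidway SSH/5/ver_major_err:Protocol major versions differ
: 1 vs. 2
%Dec 22 18:13:53 2006 Quidway SSH/5/ver_major_err:Protocol major versions differ
: 1 vs. 2
%Dec 22 18:13:58 2006 Quidway SSH/5/ver_major_err:Protocol major versions differ
: 1 vs. 2
%Dec 22 18:20:07 2006 Quidway SSH/5/ver_major_err:Protocol major versions differ
: 1 vs. 2
%Dec 22 18:20:08 2006 Quidway SSH/5/fsm_move:FSM MOVE FROM SSH_Main_Connect TO S
""".splitlines()

if __name__ == "__main__":
    for minute, n in mismatch_bursts(SAMPLE).items():
        print(f"{minute:%Y-%m-%d %H:%M} {n} SSH version mismatches")
```

The log shown on this page carries no source address, so the count indicates volume only; identifying the sender needs the ACL or interface counters.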