Hello, everyone!
I'd like to share with you how to troubleshoot SSH faults.
Preparations: Log in to the device through Telnet or the console port.
Step 1: Check whether the SSH server receives the connection request.
Run the following command during an SSH login attempt and check whether the number of accepted connection requests increases. If the number does not increase, the device is not receiving any TCP connection request.
<huawei>display ssh server statistics
-----------------------------------------------------------------------
Total connection accepted : 10277 //Number of received connection requests
Total authentication failures : 1
Total ACL rejections : 0
Total service-type rejections : 20
Total connection denied by CLI : 0
Total connection denied by Netconf : 0
Total connection closed by CLI : 6
Total connection closed by Netconf : 0
Total connection closed by sock : 30
Total connection closed by AAA : 0
Total connection killed by User : 0
Total online connection : 1
-----------------------------------------------------
Step 2: Check the service status on the SSH server
Check the SSH service status and verify that the following information is correct:
(1) The SSH protocol version (1.99 indicates that both SSHv1 and SSHv2 are supported).
(2) Whether the STelnet service is enabled.
(3) Whether the service port has been changed.
(4) Whether a source IP address is bound.
(5) Whether an ACL is bound and, if so, whether it permits the client's IP address.
[~huawei]display ssh server status
SSH Version : 2.0 //Only SSHv2 is supported.
SSH authentication timeout (Seconds) : 60
SSH authentication retries (Times) : 3
SSH server key generating interval (Hours) : 0
SSH version 1.x compatibility : Disable
SSH server keepalive : Enable
SFTP server : Disable
STELNET server : Enable //Stelnet service is enabled.
SNETCONF server : Enable
SNETCONF server port(830) : Enable
SCP server : Disable
SSH server DES : Disable
SSH server port : 22 //Stelnet service port is 22
SSH server source address : 0.0.0.0 //The source IP address is not bound.
ACL name : 3999 //ACL 3999 is bound.
ACL number :
Check the bound ACL.
[huawei]acl 3999
[huawei-acl-adv-3999]dis this
#
acl number 3999
rule 1 permit tcp source 2.2.2.2 0 0
rule 2 permit tcp source 3.3.3.3 0 0
rule 3 permit tcp source 4.4.4.4 0 0
rule 4 permit tcp source 5.5.5.5 0 0
rule 15 deny ip
#
Step 3: Check whether the SSH user configuration is correct on the SSH server.
(1) Check whether the SSH user configuration of the login account is complete.
(2) If the account used for login does not have an SSH user configuration, check whether the "ssh authentication-type default password" configuration exists.
<huawei>display current-configuration | inc ssh
ssh authentication-type default password
ssh user client001
ssh user client001 authentication-type password
ssh user client001 service-type all
Step 4: Diagnostic Commands
(1) Debug commands:
<huawei>debugging ssh server all
<huawei>terminal monitor
<huawei>terminal debugging
(2) In the diagnostic view, check the login failure information.
[~huawei-diagnose]display ssh server error
[~huawei-diagnose]display aaa online-fail-record all
I hope this helps.
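
The counter check from Step 1, extended to the rejection counters in the same output, as an added example (not part of the original post and not Huawei code): it compares two snapshots of display ssh server statistics taken before and after one failed login. The step each counter points to is this example's reading of the counter names, and the sample snapshots are constructed.

```python
import re

# Counter name -> where to look next. These hints are this example's reading
# of the counter names (an assumption), not vendor documentation.
HINTS = {
    "Total ACL rejections": "Step 2: client IP is not permitted by the bound ACL",
    "Total service-type rejections": "Step 3: check the ssh user service-type",
    "Total authentication failures": "Step 3: check authentication-type and credentials",
}

def parse_stats(text):
    """Return {counter name: int} from 'display ssh server statistics' output."""
    counters = {}
    for line in text.splitlines():
        line = line.split("//", 1)[0]  # drop trailing //annotations
        m = re.match(r"\s*(Total [^:]+?)\s*:\s*(\d+)\s*$", line)
        if m:  # separator and prompt lines do not match and are skipped
            counters[m.group(1)] = int(m.group(2))
    return counters

def diagnose(before, after):
    """Compare two snapshots taken around one failed login attempt."""
    b, a = parse_stats(before), parse_stats(after)
    delta = {name: a[name] - b.get(name, 0) for name in a}
    # Rejection counters are checked first, so the result does not depend on
    # whether a rejected connection also counts as accepted.
    findings = [hint for name, hint in HINTS.items() if delta.get(name, 0) > 0]
    if findings:
        return findings
    if delta.get("Total connection accepted", 0) <= 0:
        return ["Step 1: no TCP connection request reached the SSH server"]
    return ["Step 4: connection accepted and no rejection counter moved"]

# Constructed sample snapshots (values invented for this example).
BEFORE = """\
-------------------------------------------
Total connection accepted : 10277 //Number of received connection requests
Total authentication failures : 1
Total ACL rejections : 0
Total service-type rejections : 20
"""
AFTER = BEFORE.replace("10277", "10278").replace("ACL rejections : 0", "ACL rejections : 1")

if __name__ == "__main__":
    for finding in diagnose(BEFORE, AFTER):
        print(finding)
```

Capture the first snapshot, attempt the login once from the failing client, then capture the second, so that a single attempt accounts for the difference.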
