These log messages refer to the SSHD (SSH Server events) category.
2.66.1. out_of_mem (ID: 04700001)
- Default Severity
- ERROR
- Log Message
- Out of memory
- Explanation
- Memory Allocation Failure. System is running low on RAM memory.
- Firewall Action
- close
- Recommended Action
- Try to free some of the RAM used, or upgrade the amount of RAM memory.
- Revision
- 1
2.66.2. dh_key_exchange_failure (ID: 04700002)
- Default Severity
- ERROR
- Log Message
- DH Key Exchange parse error when exchanging keys with client <client>
- Explanation
- A Diffie-Hellman Key Exchange Failure occured when keys were exchanged with the client. Connection will be closed.
- Firewall Action
- close
- Recommended Action
- None
- Revision
- 2
- Parameters
- client
reason
2.66.3. illegal_version_string (ID: 04700004)
- Default Severity
- ERROR
- Log Message
- Version string is invalid.
- Explanation
- An invalid version string was received from the client. The connection will be closed.
- Firewall Action
- close
- Recommended Action
- Investigate why the SSH client is sending a malformed version string.
- Revision
- 1
2.66.4. error_occurred (ID: 04700005)
- Default Severity
- ERROR
- Log Message
- <error> occurred with the connection from client <client>.
- Explanation
- An error occurred and the connection will be closed.
- Firewall Action
- close
- Recommended Action
- None
- Revision
- 1
- Parameters
- error
client
2.66.5. invalid_mac (ID: 04700007)
- Default Severity
- WARNING
- Log Message
- MAC comparison failure.
- Explanation
- The MAC received from the client is invalid. The connection will be closed.
- Firewall Action
- close
- Recommended Action
- None
- Revision
- 1
2.66.6. invalid_service_request (ID: 04700015)
- Default Severity
- WARNING
- Log Message
- Error processing service request from client <client>
- Explanation
- Failed to process service request sent from the client, closing connection.
- Firewall Action
- close
- Recommended Action
- None
- Revision
- 1
- Parameters
- client
2.66.7. invalid_username_change (ID: 04700020)
- Default Severity
- WARNING
- Log Message
- Username change is not allowed. From name <fromname> to <toname> client. Client: <client>
- Explanation
- User changed the username between two authentication phases, which is not allowed. Closing connection.
- Firewall Action
- close
- Recommended Action
- None
- Revision
- 1
- Parameters
- fromname
toname
client
2.66.8. invalid_username_change (ID: 04700025)
- Default Severity
- WARNING
- Log Message
- Service change is not allowed. From serivce <fromservice> to <toservice>. Client: <client>
- Explanation
- User changed the service between two authentication phases, which is not allowed. Closing connection.
- Firewall Action
- close
- Recommended Action
- None
- Revision
- 1
- Parameters
- fromservice
toservice
client
2.66.9. max_auth_tries_reached (ID: 04700030)
- Default Severity
- ERROR
- Log Message
- Maximum authentication re-tries reached for client <client>
- Explanation
- User failed to authenticate within the maximum allowed number of tries. Closing connection.
- Firewall Action
- close
- Recommended Action
- None
- Revision
- 1
- Parameters
- client
2.66.10. ssh_login_timeout_expired (ID: 04700035)
- Default Severity
- WARNING
- Log Message
- SSH Login grace timeout (<gracetime> seconds) expired, closing connection. Client: <client>
- Explanation
- The client failed to login within the given login grace time. Closing connection.
- Firewall Action
- close
- Recommended Action
- Increase the grace timeout value if it is set too low.
- Revision
- 1
- Parameters
- gracetime
client
2.66.11. ssh_inactive_timeout_expired (ID: 04700036)
- Default Severity
- WARNING
- Log Message
- SSH session inactivity limit (<inactivetime>) has been reached. Closing connection. Client: <client>
- Explanation
- The connect client has been inactive for too long and is forcibly logged out. Closing connection.
- Firewall Action
- close
- Recommended Action
- Increase the inactive session timeout value if it is set too low.
- Revision
- 1
- Parameters
- inactivetime
client
2.66.12. rsa_sign_verification_failed (ID: 04700050)
- Default Severity
- ERROR
- Log Message
- RSA signature verification for client <client> failed.
- Explanation
- The client RSA signuature could not be verified. Closing connection.
- Firewall Action
- close
- Recommended Action
- None
- Revision
- 1
- Parameters
- client
2.66.13. key_algo_not_supported. (ID: 04700055)
- Default Severity
- ERROR
- Log Message
- The authentication algorithm type <keytype> is not supported. Client <client>
- Explanation
- The authentication algorithm that the client uses is not supported. Closing connection.
- Firewall Action
- close
- Recommended Action
- None
- Revision
- 1
- Parameters
- keytype
client
2.66.14. unsupported_pubkey_algo (ID: 04700057)
- Default Severity
- NOTICE
- Log Message
- Public Key Authentication Algorithm <authalgo> from client <client> not supported/enabled.
- Explanation
- The client is trying to authenticate using a Public Key Algorithm which is either not supported or not enabled.
- Firewall Action
- close
- Recommended Action
- If the algorithm is supported by unit, configure the unit to make use of it.
- Revision
- 1
- Parameters
- authalgo
client
2.66.15. unknown_ssh_public_key (ID: 04700058)
- Default Severity
- ERROR
- Log Message
- <client> provided an unknown key for SSH authentication.
- Explanation
- The client provided an unknown SSH public key for authentication. Closing connection.
- Firewall Action
- close
- Recommended Action
- None
- Revision
- 1
- Parameters
- client
2.66.16. max_ssh_clients_reached (ID: 04700060)
- Default Severity
- WARNING
- Log Message
- Maximum number of connected SSH clients (<maxclients>) has been reached. Denying acces for client: <client>.
- Explanation
- The maximum number of simultaneously connected SSH clients has been reached. Denying access for this attempt and closing the
connection.
- Firewall Action
- close
- Recommended Action
- None
- Revision
- 1
- Parameters
- maxclients
client
2.66.17. client_disallowed (ID: 04700061)
- Default Severity
- WARNING
- Log Message
- Client <client> not allowed access according to the "remotes" section.
- Explanation
- The client is not allowed access to the SSH server. Closing connection.
- Firewall Action
- close
- Recommended Action
- If this client should be granted SSH access, add it in the "remotes" section.
- Revision
- 1
- Parameters
- client
2.66.18. ssh_force_conn_close (ID: 04700105)
- Default Severity
- NOTICE
- Log Message
- SSH connection is no longer valid. Client: <client>, closing connection
- Explanation
- The SSH connection is no longer valid. The might be a result of a "remotes" object being changed to no longer allow the SSH
connection. Closing connection.
- Firewall Action
- close
- Recommended Action
- None
- Revision
- 1
- Parameters
- client
2.66.19. scp_failed_not_admin (ID: 04704000)
- Default Severity
- NOTICE
- Log Message
- Administrator access could not set for session from this ip: <ip>
- Explanation
- SCP transfers can only be used if sessions has administrator access. Closing connection.
- Firewall Action
- close
- Recommended Action
- If there are other active administrator session, they might preventing this session from gaining administrator access.
- Revision
- 1
- Parameters
- ip
cOS Core 15.00.01 Log Reference Guide
