| Operation | Log Details |
|---|---|
| SSH Successful Login | Jan 17 11:18:59:I:Security: SSH login by Test_1234 from src IP 10.6.40.119 to USER EXEC mode using RSA as Server Host Key |
| SSH Failed login attempt | Jan 17 11:20:39:I:Security: SSH access by user abc from src IP 10.6.40.119 rejected, 1 attempt(s) |
| SSH logout record/Inactivity timeout (Used by netconf as well) | Jan 17 11:20:17:I:Security: SSH logout by Test_1234 from src IP 10.6.40.119 from USER EXEC mode using RSA as Server Host Key |
| Login timeout occurred on SSH session | Jan 17 11:30:31:I:SSH: SSH disconnect due to login timeout for session from client 10.24.12.107 session id 0 |
| Server hostkey change via CLI | Jan 17 11:16:19:I:CLI CMD: "crypto key generate rsa modulus 2048" from
console
eg: Jan 17 11:16:18:I:Security: SSH Server RSA as Server Host Key enabled by operator from console session |
| Idle timeout change via CLI | Jan 17 11:30:15:I:CLI CMD: "ip ssh idle-time 235" from console |
| Authenticated retries change via CLI | Jan 17 11:30:31:I:CLI CMD: "ip ssh authentication-retries 4" from console |
| Encryption algorithm change via CLI | Jan 17 11:40:20:I:CLI CMD: "ip ssh encryption aes-only" from console |
| Invalid hostkey | Jan 17 11:40:20:E:SSH: Invalid hostkey algorithm recieved from client 10.24.12.107 session id 0 algorithm received ssh-dsa |
| Invalid key-exchange algorithm | Jan 17 11:40:20:E:SSH: Invalid key exchange algorithm recieved from client 10.24.12.107 session id 0 algorithm received diffie-hellman-group-exchange-sha256 |
| Invalid cipher algorithm | Jan 17 11:40:20:E:SSH: Invalid cipher algorithm received from client 10.24.12.107 session id 0 algorithm recieved aes-256cbc |
| Invalid MAC algorithm | Jan 17 11:40:20:E:SSH: Invalid mac algorithm recieved from client 10.24.12.107 session id 0 algorithm received hmac-sha2-512 |
| Invalid packet received | Jan 17 11:40:20:W:SSH: SSH: Packet of invalid length not within range of buffer received from client 10.10.10.1 session id 0 |
| Rekey triggered due to rekey interval expiry | Jan 17 11:40:20:I:SSH: Going for rekeying since rekey interval = 900 seconds expired for client 10.24.12.107 session id 0 |
| Rekey triggered due to packet volume expiry | Jan 17 11:40:20:I:SSH: Going for rekeying since rekey volume = 50 megabytes expired for client 10.24.12.107 session id 0 |
| Login timeout occurred on SSH session | Jan 17 11:40:20:I:SSH: SSH disconnect due to login timeout for session from client 10.24.12.107 session id 0 |
| Import an SSH public key | Jun 13 17:14:19 cer2024 SCP: Download by admin from src IP 172.16.16.254 to ssh public key. Jun 13 17:14:19 cer2024 SCP: SSH Public key file downloaded successfully. |
| Delete an SSH public key | Jun 13 16:31:41 cer2024 CLI CMD: "ip ssh pub-key remove" by admin from ssh client 172.16.16.254 |
| SSH timeout | Jun 17 17:36:16 cer2024 Security: ssh timed out by admin from src IP 172.16.16.254 from USER EXEC mode using RSA as Server Host Key |