HH3C-SSH-MIB
About this MIB
Secure Shell (SSH) is a network security protocol. Using encryption and authentication, SSH can implement secure remote access and file transfer over an insecure network.
SSH uses the typical client-server model to establish a channel for secure data transfer based on TCP.
SSH includes two versions: SSH1.x and SSH2.0 (hereinafter referred to as SSH1 and SSH2), which are not compatible. SSH2 is better than SSH1 in performance and security.
Use this MIB to configure the SSH service.
MIB file name
hh3c-ssh.mib
Notifications
hh3cSSHUserAuthFailure
Basic information
OID | Event | Type | Severity | Recovery notification | Default status |
---|---|---|---|---|---|
1.3.6.1.4.1.25506.2.22.1.3.0.1 | User authentication failure | Informational | Informational | N/A (N/A) | ON |
Notification triggers
This notification is generated when an SSH user fails authentication.
This notification might be generated when the following events occur:
- The authentication configuration on the SSH server is incorrect.
- An unauthorized SSH client requests authentication.
System impact
If this notification is generated frequently, the device might be under attack, which can prevent other users from coming online.
Status control
This notification cannot be disabled.
Object
OID (object name) | Description | Index | Type | Value range |
---|---|---|---|---|
1.3.6.1.4.1.25506.2.22.1.2.1 (hh3cSSHAttemptUserName) | Name of the user. | N/A | DisplayString | OCTET STRING (SIZE (0..255)) |
1.3.6.1.4.1.25506.2.22.1.2.2 (hh3cSSHAttemptIpAddrType) | Address type of the user. | N/A | InetAddressType | INTEGER { unknown(0), ipv4(1), ipv6(2), dns(16) } |
1.3.6.1.4.1.25506.2.22.1.2.3 (hh3cSSHAttemptIpAddr) | Address of the user. | N/A | InetAddress | OCTET STRING (0..255) |
1.3.6.1.4.1.25506.2.22.1.2.4 (hh3cSSHUserAuthFailureReason) | Reason for the authentication failure. | N/A | INTEGER | exceedRetries(1), authTimeout(2), otherReason(3) |
Recommended action
To resolve this issue:
1. Verify whether the SSH client is an unauthorized client through the hh3cSSHAttemptIpAddr node:
- If the SSH client is an authorized client, go to step 2.
- If the SSH client is an unauthorized client, exclude the IP address of the client from the permit rule of the ACL.
2. Verify whether the authentication method specified on the device is consistent with that used by the SSH client:
- If the authentication methods are consistent, go to step 3 if password authentication is used, go to step 5 if publickey authentication is used, and go to step 7 if X.509v3 certificate authentication is used.
- If the authentication methods are inconsistent, use the ssh user command to configure the SSH user correctly.
3. Verify whether the user exists on the local or authentication server:
- If the user exists, go to step 4.
- If the user does not exist, add the user.
4. Verify whether the username and password of the user are correct:
- If they are correct, go to step 9.
- If they are incorrect, use the correct username and password for login.
5. Verify whether the client public key has been assigned to the user:
- If the public key has not been assigned, make sure the client public key has been imported to the device, and use the ssh user command to assign the key to the user.
- If the public key has been assigned, go to step 6.
6. Execute the display public-key peer command to verify whether the assigned public key is correct:
- If the public key is incorrect, use the public-key peer command to import the correct key.
- If the public key is correct, go to step 9.
7. Verify whether SSH certificate authentication has been configured:
- If SSH certificate authentication has not been configured, execute the ssh server pki-domain command on the device to specify a PKI domain for the SSH server, and execute the ssh user command to specify a PKI domain for the SSH client.
- If SSH certificate authentication has been configured, go to step 8.
8. Use the display pki certificate domain command to verify whether the CA certificates on the SSH server and SSH client are correct:
- If the certificates are incorrect, execute the pki import domain command on the device to import the correct certificate file, use the ssh server pki-domain command to specify a PKI domain for the SSH server, and use the ssh user command to specify a PKI domain for the SSH client.
- If the certificates are correct, go to step 9.
9. Collect alarm information and configuration data, and then contact H3C Support for help.
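An added example (not H3C's code) for step 1 of the procedure above: it decodes the four hh3cSSHUserAuthFailure objects, renders hh3cSSHAttemptIpAddr according to hh3cSSHAttemptIpAddrType, and sorts failing sources by whether they fall inside authorized management networks. The trap tuples, the ".0" instance suffix, the network list and the threshold are assumptions made for the illustration.

```python
import ipaddress
from collections import Counter

BASE = "1.3.6.1.4.1.25506.2.22.1"
AUTH_FAILURE = BASE + ".3.0.1"  # hh3cSSHUserAuthFailure
OBJECTS = {"user": BASE + ".2.1", "type": BASE + ".2.2",   # hh3cSSHAttemptUserName, ...IpAddrType
           "addr": BASE + ".2.3", "reason": BASE + ".2.4"}  # ...IpAddr, hh3cSSHUserAuthFailureReason
REASONS = {1: "exceedRetries", 2: "authTimeout", 3: "otherReason"}

def decode_addr(addr_type, raw):
    """Render an InetAddress OCTET STRING according to its InetAddressType."""
    if (addr_type, len(raw)) in ((1, 4), (2, 16)):  # ipv4(1) or ipv6(2), packed octets
        return str(ipaddress.ip_address(raw))
    if addr_type == 16:                             # dns(16): a host name
        return raw.decode("ascii", "replace")
    return "unknown:" + raw.hex()                   # unknown(0) or a length mismatch

def parse_auth_failure(trap_oid, varbinds):
    """Decode one hh3cSSHUserAuthFailure trap; return None for any other trap."""
    if trap_oid != AUTH_FAILURE:
        return None
    vb = {}
    for oid, value in varbinds:
        for name, obj in OBJECTS.items():
            if oid == obj or oid.startswith(obj + "."):  # tolerate an instance suffix (assumed ".0")
                vb[name] = value
    return {"user": vb.get("user", b"").decode("utf-8", "replace"),
            "source": decode_addr(vb.get("type", 0), vb.get("addr", b"")),
            "reason": REASONS.get(vb.get("reason"), "unrecognized")}

def triage(events, authorized_nets, threshold):
    """Split failing sources by whether they lie in an authorized network (step 1)."""
    nets = [ipaddress.ip_network(n) for n in authorized_nets]
    acl_review, config_review = [], []
    for src, count in sorted(Counter(e["source"] for e in events).items()):
        try:
            known = any(ipaddress.ip_address(src) in net for net in nets)
        except ValueError:  # DNS name or undecodable address
            known = False
        if not known:
            acl_review.append((src, count))     # unauthorized: review the ACL permit rule
        elif count >= threshold:
            config_review.append((src, count))  # authorized: continue at step 2
    return acl_review, config_review

def make_trap(**values):  # constructed sample input, not captured from a device
    return AUTH_FAILURE, [(OBJECTS[k] + ".0", v) for k, v in values.items()]
SAMPLE = ([make_trap(user=b"admin", type=1, addr=bytes([198, 51, 100, 7]), reason=1)] * 3
          + [make_trap(user=b"ops", type=1, addr=bytes([192, 0, 2, 10]), reason=2)] * 2)
```

Sources that decode to a DNS name or an unknown address type land in the ACL review list, because they cannot be matched against a network.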
hh3cSSHVersionNegotiationFailure
Basic information
OID | Event | Type | Severity | Recovery notification | Default status |
---|---|---|---|---|---|
1.3.6.1.4.1.25506.2.22.1.3.0.2 | SSH version negotiation failure | Informational | Informational | N/A (N/A) | ON |
Notification triggers
This notification is generated when the SSH version on the SSH server is incompatible with that on the SSH client.
System impact
No negative impact on the system.
Status control
This notification cannot be disabled.
Object
OID (object name) | Description | Index | Type | Value range |
---|---|---|---|---|
1.3.6.1.4.1.25506.2.22.1.2.2 (hh3cSSHAttemptIpAddrType) | Address type of the SSH user. | N/A | InetAddressType | INTEGER { unknown(0), ipv4(1), ipv6(2), dns(16) } |
1.3.6.1.4.1.25506.2.22.1.2.3 (hh3cSSHAttemptIpAddr) | Address of the SSH user. | N/A | InetAddress | OCTET STRING (0..255) |
Recommended action
To resolve this issue:
1. Execute the display ssh server status command on the device to view the SSH version of the SSH server:
- If the SSH version is 1.99, the device supports SSH1 clients. Go to step 2.
- If the SSH version is 2.0, execute the ssh server compatible-ssh1x enable command on the device to enable support for SSH1 clients.
2. Collect alarm information and configuration data, and then contact H3C Support for help.
hh3cSSHUserLogin
Basic information
OID | Event | Type | Severity | Recovery notification | Default status |
---|---|---|---|---|---|
1.3.6.1.4.1.25506.2.22.1.3.0.3 | User login | Informational | Informational | N/A (N/A) | ON |
Notification triggers
This notification is generated when a user successfully logs in.
System impact
No negative impact on the system.
Status control
This notification cannot be disabled.
Objects
OID (object name) | Description | Index nodes | Type | Value range |
---|---|---|---|---|
1.3.6.1.4.1.25506.2.22.1.1.3.1.2 (hh3cSSHSessionUserName) | User name of the SSH session. | hh3cSSHSessionID | DisplayString | OCTET STRING (0..255) |
1.3.6.1.4.1.25506.2.22.1.1.3.1.3 (hh3cSSHSessionUserIpAddrType) | User address type of the SSH session. | hh3cSSHSessionID | InetAddressType | INTEGER { unknown(0), ipv4(1), ipv6(2), dns(16) } |
1.3.6.1.4.1.25506.2.22.1.1.3.1.4 (hh3cSSHSessionUserIpAddr) | User address of the SSH session. | hh3cSSHSessionID | InetAddress | OCTET STRING (0..255) |
Recommended action
No action is required.
hh3cSSHUserLogoff
Basic information
OID | Event | Type | Severity | Recovery notification | Default status |
---|---|---|---|---|---|
1.3.6.1.4.1.25506.2.22.1.3.0.4 | User logout | Informational | Informational | N/A | ON |
Notification triggers
This notification is generated when a user logs out.
System impact
No negative impact on the system.
Status control
This notification cannot be disabled.
Object
OID (object name) | Description | Index | Type | Value range |
---|---|---|---|---|
1.3.6.1.4.1.25506.2.22.1.1.3.1.2 (hh3cSSHSessionUserName) | User name of the SSH session. | hh3cSSHSessionID | DisplayString | OCTET STRING (0..255) |
1.3.6.1.4.1.25506.2.22.1.1.3.1.3 (hh3cSSHSessionUserIpAddrType) | User address type of the SSH session. | hh3cSSHSessionID | InetAddressType | INTEGER { unknown(0), ipv4(1), ipv6(2), dns(16) } |
1.3.6.1.4.1.25506.2.22.1.1.3.1.4 (hh3cSSHSessionUserIpAddr) | User address of the SSH session. | hh3cSSHSessionID | InetAddress | OCTET STRING (0..255) |
Recommended action
To resolve this issue, use the hh3cSSHSessionUserIpAddr node to verify whether the SSH client is authorized:
- If the SSH client is unauthorized, exclude the IP address of the client from the permit rule of the ACL, and edit the user authentication configuration of the client.
- If the SSH client is authorized, no action is required.
hh3cSSHLoginFailed
Basic information
OID | Event | Type | Severity | Recovery notification | Default status |
---|---|---|---|---|---|
1.3.6.1.4.1.25506.2.22.1.3.0.5 | Frequent consecutive authentication failures of a user | Error | Warning | 1.3.6.1.4.1.25506.2.22.1.3.0.6 (hh3cSSHLoginFailedClear) | ON |
Notification triggers
This notification is generated when the number of consecutive authentication failures of a user logging in to the SSH server reaches the upper threshold during the specified period.
System impact
The system might be attacked by unauthorized users.
Status control
This notification cannot be disabled.
Object
OID (object name) | Description | Index | Type | Value range |
---|---|---|---|---|
1.3.6.1.4.1.25506.2.22.1.2.9 (hh3cSSHLoginFailedTimes) | Number of authentication failures | N/A | Unsigned32 | (0..65535) |
1.3.6.1.4.1.25506.2.22.1.2.10 (hh3cSSHStatisticPeriod) | Statistics period | N/A | Unsigned32 | (1..120) |
Recommended action
To resolve this issue:
1. Verify whether the user is unauthorized through the logs:
- If the user is unauthorized, exclude the IP address of the client from the permit rule of the ACL.
- If the user is authorized, contact the administrator to obtain the correct username and password of the user. If the issue persists, go to step 2.
2. Collect alarm information and configuration data, and then contact H3C Support for help.
hh3cSSHLoginFailedClear
Basic information
OID | Event | Type | Severity | Recovery notification | Default status |
---|---|---|---|---|---|
1.3.6.1.4.1.25506.2.22.1.3.0.6 | SSH user authentication failure notification clear | Recovery | Informational | N/A (N/A) | ON |
Notification triggers
This notification is generated when the SSH user login failure notification is cleared.
System impact
No negative impact on the system.
Status control
This notification cannot be disabled.
Object
OID (object name) | Description | Index | Type | Value range |
---|---|---|---|---|
N/A (N/A) | N/A | N/A | N/A | N/A |
Recommended action
No action is required.
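An added example (not H3C's code) of how a trap collector can pair hh3cSSHLoginFailed with its recovery notification hh3cSSHLoginFailedClear, so that alarms still open stand out from those already cleared. The (time, agent, trap OID, varbinds) tuple layout, the ".0" instance suffix and keying on the sending agent's address are assumptions made for the illustration.

```python
BASE = "1.3.6.1.4.1.25506.2.22.1"
LOGIN_FAILED = BASE + ".3.0.5"  # hh3cSSHLoginFailed
LOGIN_CLEAR = BASE + ".3.0.6"   # hh3cSSHLoginFailedClear
TIMES = BASE + ".2.9"           # hh3cSSHLoginFailedTimes
PERIOD = BASE + ".2.10"         # hh3cSSHStatisticPeriod

def varbind(varbinds, obj):
    """Return the value bound to obj, with or without an instance suffix."""
    return next((v for oid, v in varbinds
                 if oid == obj or oid.startswith(obj + ".")), None)

def track_alarms(traps):
    """Replay (time, agent, trap_oid, varbinds) tuples and pair raises with clears.

    hh3cSSHLoginFailedClear carries no objects, so this example keys each alarm
    on the sending agent's address (an assumption about the collector).
    """
    open_alarms, closed, orphan_clears = {}, [], []
    for when, agent, trap_oid, varbinds in sorted(traps, key=lambda t: t[0]):
        if trap_oid == LOGIN_FAILED:
            # A repeated raise updates the open alarm instead of opening a second one.
            alarm = open_alarms.setdefault(agent, {"raised": when, "seen": 0})
            alarm["seen"] += 1
            alarm["failures"] = varbind(varbinds, TIMES)
            alarm["period"] = varbind(varbinds, PERIOD)
        elif trap_oid == LOGIN_CLEAR and agent in open_alarms:
            alarm = open_alarms.pop(agent)
            closed.append(dict(alarm, agent=agent, active_for=when - alarm["raised"]))
        elif trap_oid == LOGIN_CLEAR:
            orphan_clears.append((when, agent))  # the raise never reached the collector
    return open_alarms, closed, orphan_clears

# Constructed trap stream (arrival times in seconds, agents are documentation addresses).
SAMPLE = [
    (100, "192.0.2.1", LOGIN_FAILED, [(TIMES + ".0", 10), (PERIOD + ".0", 5)]),
    (160, "192.0.2.1", LOGIN_FAILED, [(TIMES + ".0", 25), (PERIOD + ".0", 5)]),
    (400, "192.0.2.1", LOGIN_CLEAR, []),
    (200, "192.0.2.2", LOGIN_FAILED, [(TIMES + ".0", 8), (PERIOD + ".0", 5)]),
    (300, "192.0.2.3", LOGIN_CLEAR, []),
]
```

An alarm left in the first returned mapping is a device whose failure threshold was reached and has not yet been cleared, which is where the recommended action for hh3cSSHLoginFailed applies.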