SSH/5/SSHC_INSECURE_LOGIN: SSH client login is insecure. (ServiceType=[ServiceType], IPAddress=[IPAddress], VPNInstanceName=[VPNInstanceName], Reason=[Reason])
In VS mode, this log is supported only by the admin VS.
| Parameter Name | Parameter Meaning |
|---|---|
|
ServiceType |
Indicates the requested service type of the SSH connection. |
|
IPAddress |
Indicates IP address of the server. |
|
VPNInstanceName |
Indicates the name of the VPN instance. |
|
Reason |
Possible causes of insecure login are as follows: -·SSH·client·connection·is·established·with·one·of·the·following·insecure·cipher·algorithms:·des_cbc,·3des_cbc,·arcfour128,·arcfour256,·aes128_cbc,·aes256_cbc,·md5,·md5_96,·sha1,·sha1_96·and·sha2_256_96: The SSH client uses one of the following insecure encryption algorithms to establish a connection: des_cbc, 3des_cbc, arcfour128, arcfour256, aes128_cbc, aes256_cbc, md5, md5_96, sha1, sha1_96, and sha2_256_96. -·SSH·client·connection·is·established·with·one·of·the·following·insecure·HMAC·algorithms:·md5,·md5_96,·sha1,·sha1_96·and·sha2_256_96: The SSH client uses one of the following insecure HMAC authentication algorithms to establish a connection: md5, md5_96, sha1, sha1_96, and sha2_256_96. -·Length·of·identity·key·(RSA,·DSA)·is·less·than·2048·bits: The length of the RSA/DSA key pair is less than 2048 bits. |
Cause 1: SSH client connection is established with one of the following insecure cipher algorithms: des_cbc, 3des_cbc, arcfour128, arcfour256, aes128_cbc, aes256_cbc, md5, md5_96, sha1, sha1_96 and sha2_256_96.
Cause 2: SSH client connection is established with one of the following insecure HMAC algorithms: md5, md5_96, sha1, sha1_96 and sha2_256_96.
Cause 3: Length of identity key (RSA, DSA) is less than 2048 bits.
Cause 1: Use secure cipher algorithm to establish the connection like aes128_ctr and aes256_ctr.
Cause 2: Use secure HMAC algorithm to establish the connection like sha2_256.
Cause 3: Configure identity key (RSA, DSA) with length 2048 bits.