SSH/5/SSH_INSECURE_LOGIN: SSH server login is insecure. (ServiceType=[ServiceType], UserName=[UserName], IPAddress=[IPAddress], VPNInstanceName=[VPNInstanceName], Reason=[Reason])
In VS mode, this log is supported only by the admin VS.
| Parameter Name | Parameter Meaning |
|---|---|
|
ServiceType |
Indicates the service type. |
|
UserName |
Indicates the user name. |
|
IPAddress |
Indicates IP address of the client. |
|
VPNInstanceName |
Indicates the name of the VPN instance. |
|
Reason |
Possible causes of insecure login are as follows: -SSH·server·connection·is·established·with·one·of·the·following·insecure·cipher·algorithms:·des_cbc,·3des_cbc,·arcfour128,·arcfour256,·aes128_cbc,·aes192_cbc,·aes256_cbc,·md5,·md5_96,·sha1,·sha1_96·and·sha2_256_96. -SSH·server·connection·is·established·with·one·of·the·following·insecure·HMAC·algorithms:·md5,·md5_96,·sha1,·sha1_96·and·sha2_256_96. -Length·of·identity·key·(RSA,·DSA)·is·less·than·2048·bits |
Cause 1: SSH server connection is established with one of the following insecure cipher algorithms: des_cbc, 3des_cbc, arcfour128, arcfour256, aes128_cbc, aes192_cbc, aes256_cbc, md5, md5_96, sha1, sha1_96 and sha2_256_96.
Cause 2: SSH server connection is established with one of the following insecure HMAC algorithms: md5, md5_96, sha1, sha1_96 and sha2_256_96.
Cause 3: Length of identity key (RSA, DSA) is less than 2048 bits.
Cause 1: Use secure cipher algorithm to establish the connection like aes128_ctr and aes256_ctr.
Cause 2: Use secure HMAC algorithm to establish the connection like sha2_256.
Cause 3: Configure identity key (RSA, DSA) with length 2048 bits.