Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
357
Views
0
Helpful
4
Replies

Logging pubkey failed logins

Marcin Maciejewicz
Level 1
Level 1

‎01-30-2024 08:52 AM

Hi,

On my C819G router I have switched from standard user/password ssh login to pubkey, but now my "sh login failed" list doesn't update on failed attempts. Is there any other way to see who's trying to get into my router?

Regards
Marcin Maciejewicz

Labels:
0 Helpful
4 Replies 4

balaji.bandi
Hall of Fame
Hall of Fame

‎01-30-2024 10:49 AM

how is your Logging configured ?

check you get any output using :

ip ssh logging event

also refer below thread - see that can help you :

https://community.cisco.com/t5/network-access-control/how-to-log-success-and-failed-login-attempt-details-to-router/td-p/1424821

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Georg Pauwen
VIP
VIP

‎01-30-2024 01:53 PM

Hello,

when you configure:

819(config)#login on-failure log

and then do a:

819#sh log | include LOGIN_FAILED

do you get any output, that is, does the login failure generate a syslog at all ?

0 Helpful

Marcin Maciejewicz
Level 1
Level 1
In response to Georg Pauwen

‎01-31-2024 04:49 AM

Yes, I do have entries in my log, but after some tests I've noticed that they appear only after I provide wrong private key. If none is provided and connection is automaticly closed then I don't have any trace in the log.

0 Helpful

Marcin Maciejewicz
Level 1
Level 1

‎01-31-2024 07:44 AM

OK, I've checked carefully my syslog and I see failed attempts under SSH-5-SSH2_CLOSE events. Not elegant way, but if there's no way to force them to show under "sh login f" then it'll have to suffice.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card