01-30-2024 08:52 AM
Hi,
On my C819G router I have switched from standard user/password ssh login to pubkey, but now my "sh login failed" list doesn't update on failed attempts. Is there any other way to see who's trying to get into my router?
Regards
Marcin Maciejewicz
01-30-2024 10:49 AM
How is your logging configured?
Check whether you get any output using:
ip ssh logging event
Also refer to the thread below and see whether it can help you:
01-30-2024 01:53 PM
Hello,
when you configure:
819(config)#login on-failure log
and then do a:
819#sh log | include LOGIN_FAILED
do you get any output, that is, does the login failure generate a syslog at all?
01-31-2024 04:49 AM
Yes, I do have entries in my log, but after some tests I've noticed that they appear only after I provide a wrong private key. If none is provided and the connection is automatically closed, then I don't have any trace in the log.
01-31-2024 07:44 AM
OK, I've carefully checked my syslog and I see failed attempts under SSH-5-SSH2_CLOSE events. Not an elegant way, but if there's no way to force them to show under "sh login f" then it'll have to suffice.
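The workaround described above, as an added example that is not part of the original thread: a Python script that reads exported syslog text and counts, per source address, SSH sessions that closed without a successful user authentication. The sample lines are constructed, and the message layout is an assumption modelled on IOS %SSH-5-SSH2_* messages, so the regex may need adjusting to the router's actual output.

```python
import re
from collections import Counter

# Constructed sample lines. The message layout is an assumption modelled on
# IOS %SSH-5-SSH2_* syslog messages; adjust the regex to your router's output.
SAMPLE_LOG = """\
Jan 31 07:40:01: %SSH-5-SSH2_SESSION: SSH2 Session request from 203.0.113.7 (tty = 0) using crypto cipher 'aes256-ctr', hmac 'hmac-sha2-256' Succeeded
Jan 31 07:40:03: %SSH-5-SSH2_CLOSE: SSH2 Session from 203.0.113.7 (tty = 0) for user '' using crypto cipher 'aes256-ctr', hmac 'hmac-sha2-256' closed
Jan 31 07:41:10: %SSH-5-SSH2_SESSION: SSH2 Session request from 192.0.2.10 (tty = 1) using crypto cipher 'aes256-ctr', hmac 'hmac-sha2-256' Succeeded
Jan 31 07:41:11: %SSH-5-SSH2_USERAUTH: User 'admin' authentication for SSH2 Session from 192.0.2.10 (tty = 1) using crypto cipher 'aes256-ctr', hmac 'hmac-sha2-256' Succeeded
Jan 31 07:42:30: %SSH-5-SSH2_SESSION: SSH2 Session request from 203.0.113.7 (tty = 0) using crypto cipher 'aes256-ctr', hmac 'hmac-sha2-256' Succeeded
Jan 31 07:42:32: %SSH-5-SSH2_CLOSE: SSH2 Session from 203.0.113.7 (tty = 0) for user '' using crypto cipher 'aes256-ctr', hmac 'hmac-sha2-256' closed
Jan 31 07:50:00: %SSH-5-SSH2_CLOSE: SSH2 Session from 192.0.2.10 (tty = 1) for user 'admin' using crypto cipher 'aes256-ctr', hmac 'hmac-sha2-256' closed
Jan 31 08:01:15: %SSH-5-SSH2_SESSION: SSH2 Session request from 198.51.100.23 (tty = 0) using crypto cipher 'aes256-ctr', hmac 'hmac-sha2-256' Succeeded
Jan 31 08:01:16: %SSH-5-SSH2_USERAUTH: User 'root' authentication for SSH2 Session from 198.51.100.23 (tty = 0) using crypto cipher 'aes256-ctr', hmac 'hmac-sha2-256' Failed
Jan 31 08:01:17: %SSH-5-SSH2_CLOSE: SSH2 Session from 198.51.100.23 (tty = 0) for user '' using crypto cipher 'aes256-ctr', hmac 'hmac-sha2-256' closed
"""

# Captures: event type, source address, tty line, final status word.
EVENT = re.compile(
    r"%SSH-5-SSH2_(SESSION|USERAUTH|CLOSE):.*?from (\S+) \(tty = (\d+)\).*?(\w+)\s*$"
)

def unauthenticated_closes(log_text):
    """Count SSH2_CLOSE events per source that had no successful USERAUTH."""
    authed = set()      # (source, tty) pairs that authenticated in this session
    hits = Counter()
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        kind, src, tty, status = m.groups()
        key = (src, tty)
        if kind == "SESSION":
            authed.discard(key)          # new session on this tty: reset state
        elif kind == "USERAUTH" and status == "Succeeded":
            authed.add(key)
        elif kind == "CLOSE":
            if key not in authed:        # closed without ever logging in
                hits[src] += 1
            authed.discard(key)
    return hits

if __name__ == "__main__":
    for src, count in unauthenticated_closes(SAMPLE_LOG).most_common():
        print(f"{src}: {count} session(s) closed without authentication")
```

Sessions that were cut off by a network fault before login are counted as well, so a single hit from a known address is not by itself evidence of a login attempt.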