SSH Log not showing username

bryan.palacios · ‎08-11-2011

Hello to everyone i need some help..... i have several Cisco 4948 in my network infrastucture, the issue that i´m having with them is when i try to view the ssh log appears something like this..

Aug 11 15:43:13 GT: %SSH-5-SSH2_USERAUTH: User '' authentication for SSH2 Session from 192.168.2.5 (tty = 1) using crypto cipher 'aes256-cbc', hmac 'hmac-sha1' Succeeded

The ip address is correct but the username is in blank i checked on other equipments (2960 access switches and 7200 series router) and they show the username field correctly...

The IOS version im using is

(cat4500-ENTSERVICESK9-M), Version 12.2(50)SG1, RELEASE SOFTWARE (fc2)

The ssh configuration is as follows..

ip ssh time-out 60

ip ssh source-interface Loopback1

ip ssh logging events

ip ssh version 2

Log configuration as follows..

logging buffered informational

archive

log config

logging enable

logging size 200

notify syslog contenttype plaintext

hidekeys

logging trap debugging

logging facility local6

logging source-interface Loopback1

Thanks for your help...

Thomas Masters · ‎08-12-2011

Maybe not quite the same but another way to get at the information

CSCso48959 user not reported by "login on-success log" feature for SSH logins

12.2(53)SG to get past the issue

Also

I topic searched the string for 12.2(54)SG and I see usernames in the log message, so I assume an upgrade at this point will fix it.

FlorianBerthelot · ‎02-08-2019

Hi,

there is also CSCvd12371

Conditions:
"ip ssh logging events" enabled
Remote authentication.
For radius - Radius-Server not sending back User-Name in Access-Accept.
It can be seen also with TACACS.

Workaround:
Reconfigure radius to send User-Name in Access-Accept or using different authentication method

Haven't find yest how to reconfigure radius send User-name though, i'll be in touch if i find out.

/Florian