sshd messages after update

renateneike
Frequent Visitor

Hello,

I have a FPR-4112-K9 firewall cluster with software version 2.16(1.147). It runs an ASA cluster with software version 7.22(1).
Since updating to the above versions two weeks ago, I get the following messages when logging in with ssh:
Firepower:

%AUTH-3-SYSTEM_MSG: error: Unable to load host key: /isan/etc/ssh_host_ecdsa_key - sshd[31426]
%DAEMON-3-SYSTEM_MSG: error: lastlog_openseek: couldn't stat /var/log/lastlog: No such file or directory - sshd[31467]

ASA:

%ASA-3-199015: 3 February 07:22:43 sshd: PAM unable to resolve symbol: pam_sm_setcred
%ASA-3-199015: 3 February 07:22:50 sshd: pam_lastlog(sshd:session): unable to open /var/log/btmp: No such file or directory

What can I do about this?

On my data centre switches (Nexus9000), I was able to start bash and create /var/log/btmp. That doesn't work here.

Many thanks in advance.

 


balaji.bandi
Hall of Fame

On FXOS, you may need to regenerate the FXOS SSH keys. This forces the system to re-create the missing file pointers.

Check the guide:

https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/2120/web-guide/b_GUI_FXOS_ConfigGuide_2120/platform_settings.html#task_B6475127711E46A698F40865FDC44C38

 

ASA cluster with software version 7.22(1).

I'm taking this as ASA code 9.22; I may try to recreate the SSH key from the console and test.

Example:

no ssh version 2
ssh version 2
crypto key generate rsa modulus 2048

 

BB

=====️ Preenayamo Vasudevam ️=====

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Oh yes, ASA code 9.22(2)20 is installed.

But what happens to my current SSH connection? I only have remote access.

 

It's safe to do from the console. If you already have an SSH connection, what is the issue? Is it only the logs that are the issue?

You can ignore the log discriminator to report on the console.

 

 


These are only messages that come to the monitoring server. The SSH connections work without any problems.

You can remove sending logs to the syslog server:

no logging message 199015

Lower the severity:

logging message 199015 level X

 


Thanks, the level is now Notification and that's fine. 😊

Mark Elsen
Hall of Fame

 

- @renateneike FYI: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwc17197

  M.



-- Let everything happen to you  
       Beauty and terror
      Just keep going    
       No feeling is final
Reiner Maria Rilke (1899)

Does this workaround affect the current ssh session? I only have remote access with ssh.

 

- @renateneike The workaround does not affect the current SSH session.

  M.




renateneike
Frequent Visitor

Thank you very much for your help. Everything has worked well so far.
Now I have this message:

%DAEMON-3-SYSTEM_MSG: error: lastlog_openseek: couldn't stat /var/log/lastlog: No such file or directory - sshd[31467]

How can I get rid of it? Can I create /var/log/lastlog?

 

- @renateneike Get a shell on your device and issue these commands:

sudo touch /var/log/lastlog
sudo chmod 600 /var/log/lastlog

  M.
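
Added example, not part of the thread and not Cisco tooling: both ASA texts quoted above share message ID 199015, so suppressing or down-ranking that ID on the device applies to every text logged under it. An alternative is to tag only the exact lines this thread treats as post-upgrade noise on the monitoring server. The function names are hypothetical and the last sample line is constructed.

```python
import re

# Header formats as quoted in the thread:
#   FXOS: %AUTH-3-SYSTEM_MSG: <text> - sshd[31426]
#   ASA:  %ASA-3-199015: <timestamp> sshd: <text>
FXOS_RE = re.compile(r"%(?P<fac>[A-Z]+)-(?P<sev>\d)-SYSTEM_MSG: (?P<text>.*) - \w+\[\d+\]\s*$")
ASA_RE = re.compile(r"%ASA-(?P<sev>\d)-(?P<id>\d{6}): (?P<text>.*)$")

# Texts reported in this thread as noise after the upgrade. Each pattern is
# pinned to the exact path or symbol so other sshd/PAM errors still surface.
COSMETIC = [
    re.compile(r"Unable to load host key: /isan/etc/ssh_host_ecdsa_key$"),
    re.compile(r"lastlog_openseek: couldn't stat /var/log/lastlog: No such file"),
    re.compile(r"sshd: PAM unable to resolve symbol: pam_sm_setcred$"),
    re.compile(r"pam_lastlog\(sshd:session\): unable to open /var/log/btmp: No such file"),
]

# First two lines are copied from the thread; the third is constructed.
SAMPLE = [
    "%AUTH-3-SYSTEM_MSG: error: Unable to load host key: /isan/etc/ssh_host_ecdsa_key - sshd[31426]",
    "%ASA-3-199015: 3 February 07:22:50 sshd: pam_lastlog(sshd:session): unable to open /var/log/btmp: No such file or directory",
    "%ASA-3-199015: 3 February 07:23:10 sshd: error: maximum authentication attempts exceeded",
]

def parse(line):
    """Return dict(platform, severity, msg_id, text), or None if unrecognised."""
    m = FXOS_RE.search(line)
    if m:
        return {"platform": "fxos", "severity": int(m["sev"]),
                "msg_id": m["fac"] + "-SYSTEM_MSG", "text": m["text"]}
    m = ASA_RE.search(line)
    if m:
        return {"platform": "asa", "severity": int(m["sev"]),
                "msg_id": m["id"], "text": m["text"]}
    return None

def classify(line):
    """'cosmetic' = known noise, 'review' = recognised header but other text,
    'unparsed' = neither header format matched."""
    rec = parse(line)
    if rec is None:
        return "unparsed"
    if any(p.search(rec["text"]) for p in COSMETIC):
        return "cosmetic"
    return "review"

def triage(lines):
    """Drop only the known-cosmetic lines; everything else stays visible."""
    return [l for l in lines if classify(l) != "cosmetic"]
```
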


