l
SSH versions of the server and the client are inconsistent.
l
The initial authentication function is not enabled on the SSH client.
Troubleshooting Flowchart
None.
Troubleshooting Procedure
NOTE
Saving the results of each troubleshooting step is recommended. If your troubleshooting fails to correct
the fault, you will have a record of your actions to provide Huawei technical support personnel.
Procedure
Step 1
Check whether the SSH client and SSH server can communicate with each other.
On the SSH client and SSH server, run the
ping
command to check the network connectivity.
If the ping fails, the SSH connection cannot be established between the user and the server.
Check whether packet loss occurs on the network and the user access is stable.
Step 2
Check whether the SSH service on the SSH server is started.
Log in to the SSH server by means of Telnet and run the
display ssh server status
command
to view the configuration of the SSH server. The SFTP service is used as an example.
<Huawei>
display ssh server status
SSH version :1.99
SSH connection timeout :60 seconds
SSH server key generating interval :0 hours
SSH Authentication retries :3 times
SFTP server :
Disable
The command output shows that the SFTP server is not enabled. The user can log in to the server
through SSH only after SSH services are enabled in the system. Run the following command to
enable the SSH server.
<Huawei>
system-view
[Huawei]
sftp server enable
Step 3
On the SSH server, check that the access protocol configured in the VTY user interface view is
correct.
[Huawei]
user-interface vty 0 4
[Huawei-ui-vty0-4]
display this
user-interface vty 0 4
authentication-mode aaa
user privilege level 3
idle-timeout 0 0
protocol inbound ssh
Run the
protocol inbound
{
all
|
ssh
|
telnet
} command to configure the user access protocol.
By default, the user access protocol is Telnet. If the user access protocol is set to Telnet, the user
cannot log in to the server through SSH. If the user access protocol is set to SSH or "all", the
user can log in to the server through SSH.
Step 4
Check whether an RSA public key is configured on the SSH server.
When serving as an SSH server, a device must be configured with a local key pair.
Huawei AR2200-S Series Enterprise Routers
Troubleshooting
2 System
Issue 01 (2012-01-06)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
14