[c-nsp] Logging remote access logins

Hank Nussbacher hank at efes.iucc.ac.il
Wed Mar 5 03:19:58 EST 2008


At 09:14 PM 05-03-08 +1300, Ivan wrote:

Not for all trains:

petach-tikva-gp#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
petach-tikva-gp(config)#ip ssh ?
   authentication-retries  Specify number of authentication retries
   source-interface        Specify interface for source address in SSH connections
   time-out                Specify SSH time-out interval
   version                 Specify protocol version supported

petach-tikva-gp(config)#^Z
petach-tikva-gp#sho vers
Cisco Internetwork Operating System Software
IOS (tm) s72033_rp Software (s72033_rp-ADVIPSERVICESK9_WAN-M), Version 12.2(18)SXF11, RELEASE SOFTWARE (fc1)

-Hank

>"ip ssh logging events" works well for ssh.
>
>Success
>--------
>000962: Mar  5 2008 21:09:14.376 NZDT: %SSH-5-SSH2_USERAUTH: User 'user'
>authentication for SSH2 Session from 192.168.111.10 (tty = 0) using
>crypto cipher 'aes256-cbc', hmac 'hmac-sha1' Succeeded
>000963: Mar  5 2008 21:11:06.755 NZDT: %SSH-5-SSH2_SESSION: SSH2 Session
>request from 192.168.111.10 (tty = 1) using crypto cipher 'aes256-cbc',
>hmac 'hmac-sha1' Succeeded
>
>Failure
>------
>000964: Mar  5 2008 21:11:18.498 NZDT: %SSH-5-SSH2_USERAUTH: User 'user'
>authentication for SSH2 Session from 192.168.111.10 (tty = 1) using
>crypto cipher 'aes256-cbc', hmac 'hmac-sha1' Failed
>000965: Mar  5 2008 21:11:18.498 NZDT: %SSH-5-SSH2_CLOSE: SSH2 Session
>from 192.168.111.10 (tty = 1) for user 'user' using crypto cipher
>'aes256-cbc', hmac 'hmac-sha1' closed
>
>Ivan
>
>Aaron R wrote:
> > Sorry, to be clear: I am using local authentication only and I am referring to
> > remote access telnet / ssh sessions made to the device. Is there a way to
> > simply enable exec accounting for this? It looks like I need a radius /
> > tacacs server for this. Why can't I just log this to the local log when
> > someone connects to the device. Doesn't seem like a tall order :)
> >
> > Cheers,
> >
> > Aaron.
> >
> > -----Original Message-----
> > From: cisco-nsp-bounces at puck.nether.net
> > [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Aaron R
> > Sent: Wednesday, March 05, 2008 4:39 PM
> > To: 'Hank Nussbacher'; cisco-nsp at puck.nether.net
> > Subject: Re: [c-nsp] Logging remote access logins
> >
> > Hi Guys,
> >
> > I am using a local username and password configured on my devices and yes I
> > know how to log with an ACL cheers for that tho.
> >
> > Thanks,
> >
> > Aaron.
> >
> > -----Original Message-----
> > From: Hank Nussbacher [mailto:hank at efes.iucc.ac.il]
> > Sent: Wednesday, March 05, 2008 4:15 PM
> > To: Aaron R; cisco-nsp at puck.nether.net
> > Subject: Re: [c-nsp] Logging remote access logins
> >
> > At 03:14 PM 05-03-08 +0900, Aaron R wrote:
> >
> >> Hey guys,
> >>
> >>
> >>
> >> Is there an easy way to log remote access login attempts on the cisco kit? I
> >> see there is a way to enable configuration change logs but I don't see an
> >> option to log accepted logins / failed logins etc.
> >>
> >
> > 1) Log which IPs logged in or were rejected:
> > line vty 0 4
> > access-class 15 in
> > ! if IPv6 enabled - don't forget to have access-class on ipv6 as well
> > ipv6 access-class vty in
> > transport input telnet ssh
> > !
> > access-list 15 permit xx.40.yy.69 log
> > access-list 15 permit xx.102.yy.47 log
> > access-list 15 deny   any log
> >
> > 2) logging userinfo:
> > http://ioshints.blogspot.com/2006/11/log-user-privilege-level-changes.html
> >
> > -Hank
> >
> >
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
> >
>
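As an added example (not from the thread or any poster), here is a small Python parser for the %SSH-5-SSH2_USERAUTH lines that "ip ssh logging events" produces, in the format Ivan quoted, tallying succeeded and failed authentications per source address so a syslog collector can flag repeated failures against a box that only has local users. The sample lines are constructed after Ivan's messages with the mail wrapping removed; the second source address, its usernames and the failure threshold are assumptions.

```python
import re
from collections import defaultdict

# Matches the body of a %SSH-5-SSH2_USERAUTH message (format taken from the
# lines quoted in the thread). The sequence number / timestamp prefix varies
# between platforms, so only the event body is matched, via re.search().
USERAUTH_RE = re.compile(
    r"%SSH-5-SSH2_USERAUTH: User '(?P<user>[^']*)' authentication for SSH2 "
    r"Session from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) \(tty = (?P<tty>\d+)\) "
    r"using crypto cipher '(?P<cipher>[^']*)', hmac '(?P<hmac>[^']*)' "
    r"(?P<result>Succeeded|Failed)\s*$"
)

def parse_userauth(line):
    """Return the fields of one SSH2_USERAUTH syslog line, or None for other events."""
    m = USERAUTH_RE.search(line)
    return m.groupdict() if m else None

def summarize_logins(lines):
    """Count succeeded/failed SSH2 authentications and distinct usernames per source."""
    per_src = defaultdict(lambda: {"Succeeded": 0, "Failed": 0, "users": set()})
    for line in lines:
        ev = parse_userauth(line)
        if ev is None:
            continue  # SSH2_SESSION / SSH2_CLOSE and unrelated lines are skipped
        per_src[ev["src"]][ev["result"]] += 1
        per_src[ev["src"]]["users"].add(ev["user"])
    return dict(per_src)

def suspicious_sources(lines, max_failures=3):
    """Source addresses whose failed-authentication count reaches the (assumed) threshold."""
    summary = summarize_logins(lines)
    return sorted(src for src, s in summary.items() if s["Failed"] >= max_failures)

# Constructed sample: Ivan's four messages unwrapped, plus three constructed
# failures from a second address (192.168.111.77) with made-up usernames.
SAMPLE_LOG = [
    "000962: Mar  5 2008 21:09:14.376 NZDT: %SSH-5-SSH2_USERAUTH: User 'user' authentication for SSH2 Session from 192.168.111.10 (tty = 0) using crypto cipher 'aes256-cbc', hmac 'hmac-sha1' Succeeded",
    "000963: Mar  5 2008 21:11:06.755 NZDT: %SSH-5-SSH2_SESSION: SSH2 Session request from 192.168.111.10 (tty = 1) using crypto cipher 'aes256-cbc', hmac 'hmac-sha1' Succeeded",
    "000964: Mar  5 2008 21:11:18.498 NZDT: %SSH-5-SSH2_USERAUTH: User 'user' authentication for SSH2 Session from 192.168.111.10 (tty = 1) using crypto cipher 'aes256-cbc', hmac 'hmac-sha1' Failed",
    "000965: Mar  5 2008 21:11:18.498 NZDT: %SSH-5-SSH2_CLOSE: SSH2 Session from 192.168.111.10 (tty = 1) for user 'user' using crypto cipher 'aes256-cbc', hmac 'hmac-sha1' closed",
    "000966: Mar  5 2008 21:12:01.002 NZDT: %SSH-5-SSH2_USERAUTH: User 'user' authentication for SSH2 Session from 192.168.111.77 (tty = 2) using crypto cipher 'aes256-cbc', hmac 'hmac-sha1' Failed",
    "000967: Mar  5 2008 21:12:03.118 NZDT: %SSH-5-SSH2_USERAUTH: User 'operator' authentication for SSH2 Session from 192.168.111.77 (tty = 2) using crypto cipher 'aes256-cbc', hmac 'hmac-sha1' Failed",
    "000968: Mar  5 2008 21:12:05.420 NZDT: %SSH-5-SSH2_USERAUTH: User 'backup' authentication for SSH2 Session from 192.168.111.77 (tty = 2) using crypto cipher 'aes256-cbc', hmac 'hmac-sha1' Failed",
]

if __name__ == "__main__":
    for src, s in summarize_logins(SAMPLE_LOG).items():
        print(src, s["Succeeded"], "ok,", s["Failed"], "failed, users:", sorted(s["users"]))
    print("sources at/over threshold:", suspicious_sources(SAMPLE_LOG))
```

Feed it the output of "show logging" or the syslog collector's file for the device; the SSH2_SESSION and SSH2_CLOSE events are deliberately ignored because only SSH2_USERAUTH carries the accept/reject verdict.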


